./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec4_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec4_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash cf397912a53dab4d44f4df9c274fc7c69b1023a0a0a29a356bc73a744537daa6 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:00:16,252 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:00:16,268 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:00:16,320 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:00:16,320 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:00:16,323 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:00:16,324 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:00:16,327 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:00:16,328 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:00:16,332 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:00:16,335 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:00:16,336 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:00:16,351 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:00:16,354 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:00:16,356 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:00:16,358 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:00:16,359 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:00:16,360 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:00:16,362 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:00:16,366 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:00:16,367 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:00:16,368 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:00:16,370 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:00:16,370 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:00:16,376 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:00:16,376 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:00:16,376 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:00:16,377 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:00:16,378 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:00:16,379 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:00:16,379 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:00:16,380 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:00:16,381 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:00:16,385 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:00:16,386 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:00:16,386 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:00:16,387 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:00:16,387 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:00:16,387 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:00:16,388 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:00:16,389 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:00:16,389 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:00:16,449 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:00:16,450 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:00:16,450 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:00:16,451 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:00:16,451 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:00:16,452 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:00:16,457 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:00:16,457 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:00:16,457 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:00:16,457 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:00:16,458 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:00:16,458 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:00:16,458 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:00:16,459 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:00:16,459 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:00:16,459 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:00:16,459 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:00:16,459 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:00:16,460 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:00:16,460 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:00:16,460 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:00:16,460 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:00:16,460 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:00:16,461 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:00:16,461 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:00:16,461 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:00:16,461 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:00:16,461 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:00:16,462 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:00:16,462 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:00:16,462 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:00:16,462 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:00:16,462 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:00:16,463 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> cf397912a53dab4d44f4df9c274fc7c69b1023a0a0a29a356bc73a744537daa6 [2022-02-20 18:00:16,837 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:00:16,870 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:00:16,872 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:00:16,873 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:00:16,873 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:00:16,875 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec4_productSimulator.cil.c [2022-02-20 18:00:16,928 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c773be266/dedc381916024033ab61e167418b4a5a/FLAGf2d3e39bb [2022-02-20 18:00:17,346 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:00:17,347 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_productSimulator.cil.c [2022-02-20 18:00:17,379 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c773be266/dedc381916024033ab61e167418b4a5a/FLAGf2d3e39bb [2022-02-20 18:00:17,669 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c773be266/dedc381916024033ab61e167418b4a5a [2022-02-20 18:00:17,671 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:00:17,672 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:00:17,673 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:00:17,673 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:00:17,675 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:00:17,676 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:00:17" (1/1) ... [2022-02-20 18:00:17,677 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@15478208 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:17, skipping insertion in model container [2022-02-20 18:00:17,677 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:00:17" (1/1) ... [2022-02-20 18:00:17,682 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:00:17,716 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:00:18,053 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_productSimulator.cil.c[18883,18896] [2022-02-20 18:00:18,232 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:00:18,247 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:00:18,343 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec4_productSimulator.cil.c[18883,18896] [2022-02-20 18:00:18,502 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:00:18,537 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:00:18,537 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18 WrapperNode [2022-02-20 18:00:18,537 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:00:18,538 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:00:18,538 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:00:18,539 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:00:18,559 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,637 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,760 INFO L137 Inliner]: procedures = 151, calls = 283, calls flagged for inlining = 67, calls inlined = 64, statements flattened = 1312 [2022-02-20 18:00:18,761 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:00:18,762 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:00:18,762 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:00:18,762 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:00:18,768 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,768 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,774 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,784 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,844 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,863 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,873 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,903 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:00:18,912 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:00:18,918 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:00:18,918 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:00:18,919 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (1/1) ... [2022-02-20 18:00:18,928 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:00:18,938 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:18,965 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:00:18,993 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:00:19,018 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:00:19,031 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:00:19,031 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 18:00:19,032 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 18:00:19,032 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 18:00:19,032 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 18:00:19,032 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:00:19,032 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:00:19,036 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:00:19,036 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:00:19,037 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:00:19,037 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:00:19,037 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:00:19,037 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:00:19,037 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 18:00:19,037 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 18:00:19,037 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:00:19,037 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:00:19,037 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 18:00:19,038 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 18:00:19,038 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:00:19,038 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:00:19,038 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:00:19,038 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:00:19,038 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:00:19,038 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:00:19,038 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 18:00:19,039 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 18:00:19,039 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 18:00:19,039 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 18:00:19,039 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:00:19,039 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:00:19,039 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:00:19,039 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:00:19,039 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:00:19,040 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:00:19,040 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:00:19,040 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 18:00:19,040 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 18:00:19,040 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:00:19,040 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:00:19,040 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 18:00:19,041 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:00:19,041 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:00:19,041 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:00:19,041 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 18:00:19,041 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 18:00:19,041 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:00:19,041 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:00:19,042 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:00:19,042 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:00:19,042 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:00:19,042 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 18:00:19,042 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 18:00:19,042 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 18:00:19,043 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 18:00:19,043 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 18:00:19,044 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 18:00:19,044 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:00:19,044 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:00:19,045 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:00:19,045 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:00:19,045 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:00:19,045 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:00:19,046 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:00:19,046 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:00:19,046 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:00:19,046 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:00:19,046 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:00:19,046 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:00:19,046 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:00:19,046 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:00:19,047 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 18:00:19,047 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 18:00:19,047 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 18:00:19,047 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 18:00:19,047 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:00:19,047 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:00:19,048 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:00:19,048 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:00:19,048 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:00:19,048 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:00:19,048 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:00:19,048 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 18:00:19,048 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 18:00:19,048 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 18:00:19,048 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 18:00:19,049 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:00:19,049 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:00:19,049 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:00:19,049 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:00:19,427 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:00:19,428 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:00:20,258 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:00:20,269 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:00:20,269 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:00:20,271 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:00:20 BoogieIcfgContainer [2022-02-20 18:00:20,271 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:00:20,272 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:00:20,273 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:00:20,277 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:00:20,278 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:00:17" (1/3) ... [2022-02-20 18:00:20,278 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5bf6d7e3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:00:20, skipping insertion in model container [2022-02-20 18:00:20,279 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:18" (2/3) ... [2022-02-20 18:00:20,279 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5bf6d7e3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:00:20, skipping insertion in model container [2022-02-20 18:00:20,279 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:00:20" (3/3) ... [2022-02-20 18:00:20,280 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec4_productSimulator.cil.c [2022-02-20 18:00:20,284 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:00:20,284 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:00:20,317 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:00:20,321 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:00:20,322 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:00:20,349 INFO L276 IsEmpty]: Start isEmpty. Operand has 603 states, 448 states have (on average 1.515625) internal successors, (679), 468 states have internal predecessors, (679), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) [2022-02-20 18:00:20,365 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 134 [2022-02-20 18:00:20,366 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:20,366 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:20,367 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:20,371 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:20,371 INFO L85 PathProgramCache]: Analyzing trace with hash -567184417, now seen corresponding path program 1 times [2022-02-20 18:00:20,377 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:20,378 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1913441940] [2022-02-20 18:00:20,378 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:20,378 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:20,522 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:00:20,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,648 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1731#return; {606#true} is VALID [2022-02-20 18:00:20,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:00:20,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,654 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,654 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,655 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1733#return; {606#true} is VALID [2022-02-20 18:00:20,655 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:00:20,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,661 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1735#return; {606#true} is VALID [2022-02-20 18:00:20,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:20,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,667 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1737#return; {606#true} is VALID [2022-02-20 18:00:20,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:00:20,669 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,672 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1739#return; {606#true} is VALID [2022-02-20 18:00:20,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:00:20,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,677 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,678 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,678 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1741#return; {606#true} is VALID [2022-02-20 18:00:20,678 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:00:20,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,684 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1743#return; {606#true} is VALID [2022-02-20 18:00:20,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:00:20,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,690 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {606#true} {606#true} #1745#return; {606#true} is VALID [2022-02-20 18:00:20,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:00:20,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:20,702 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {606#true} #1729#return; {606#true} is VALID [2022-02-20 18:00:20,706 INFO L290 TraceCheckUtils]: 0: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {606#true} is VALID [2022-02-20 18:00:20,707 INFO L272 TraceCheckUtils]: 1: Hoare triple {606#true} call setClientId(~bob___0, ~bob___0); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,707 INFO L290 TraceCheckUtils]: 2: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,707 INFO L290 TraceCheckUtils]: 3: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,708 INFO L290 TraceCheckUtils]: 4: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,708 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {606#true} {606#true} #1729#return; {606#true} is VALID [2022-02-20 18:00:20,708 INFO L290 TraceCheckUtils]: 6: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,708 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {606#true} {606#true} #1751#return; {606#true} is VALID [2022-02-20 18:00:20,708 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:00:20,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,714 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:20,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,717 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,717 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {606#true} #1681#return; {606#true} is VALID [2022-02-20 18:00:20,718 INFO L290 TraceCheckUtils]: 0: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {606#true} is VALID [2022-02-20 18:00:20,719 INFO L272 TraceCheckUtils]: 1: Hoare triple {606#true} call setClientId(~rjh___0, ~rjh___0); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,719 INFO L290 TraceCheckUtils]: 2: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,719 INFO L290 TraceCheckUtils]: 3: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,719 INFO L290 TraceCheckUtils]: 4: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,719 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {606#true} {606#true} #1681#return; {606#true} is VALID [2022-02-20 18:00:20,720 INFO L290 TraceCheckUtils]: 6: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,720 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {606#true} {606#true} #1757#return; {606#true} is VALID [2022-02-20 18:00:20,720 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:00:20,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:20,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,729 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,729 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,729 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {606#true} #1623#return; {606#true} is VALID [2022-02-20 18:00:20,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {606#true} is VALID [2022-02-20 18:00:20,730 INFO L272 TraceCheckUtils]: 1: Hoare triple {606#true} call setClientId(~chuck___0, ~chuck___0); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,731 INFO L290 TraceCheckUtils]: 3: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,731 INFO L290 TraceCheckUtils]: 4: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,731 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {606#true} {606#true} #1623#return; {606#true} is VALID [2022-02-20 18:00:20,731 INFO L290 TraceCheckUtils]: 6: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,731 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {606#true} {606#true} #1763#return; {606#true} is VALID [2022-02-20 18:00:20,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:00:20,737 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {689#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,740 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,740 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1645#return; {607#false} is VALID [2022-02-20 18:00:20,745 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:00:20,747 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {690#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,750 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,750 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,750 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1647#return; {607#false} is VALID [2022-02-20 18:00:20,750 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:00:20,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,753 INFO L290 TraceCheckUtils]: 0: Hoare triple {689#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,754 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,754 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,754 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1657#return; {607#false} is VALID [2022-02-20 18:00:20,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:00:20,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} ~handle := #in~handle;havoc ~retValue_acc~33; {606#true} is VALID [2022-02-20 18:00:20,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {606#true} is VALID [2022-02-20 18:00:20,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,758 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1659#return; {607#false} is VALID [2022-02-20 18:00:20,758 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:00:20,759 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:20,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} ~handle := #in~handle;havoc ~retValue_acc~15; {606#true} is VALID [2022-02-20 18:00:20,761 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {606#true} is VALID [2022-02-20 18:00:20,762 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,762 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {606#true} {607#false} #1661#return; {607#false} is VALID [2022-02-20 18:00:20,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {606#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {606#true} is VALID [2022-02-20 18:00:20,763 INFO L290 TraceCheckUtils]: 1: Hoare triple {606#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {606#true} is VALID [2022-02-20 18:00:20,763 INFO L290 TraceCheckUtils]: 2: Hoare triple {606#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {606#true} is VALID [2022-02-20 18:00:20,763 INFO L272 TraceCheckUtils]: 3: Hoare triple {606#true} call select_features_#t~ret50#1 := select_one(); {606#true} is VALID [2022-02-20 18:00:20,764 INFO L290 TraceCheckUtils]: 4: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,764 INFO L290 TraceCheckUtils]: 5: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,764 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {606#true} {606#true} #1731#return; {606#true} is VALID [2022-02-20 18:00:20,764 INFO L290 TraceCheckUtils]: 7: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {606#true} is VALID [2022-02-20 18:00:20,764 INFO L272 TraceCheckUtils]: 8: Hoare triple {606#true} call select_features_#t~ret51#1 := select_one(); {606#true} is VALID [2022-02-20 18:00:20,765 INFO L290 TraceCheckUtils]: 9: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,765 INFO L290 TraceCheckUtils]: 10: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,765 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {606#true} {606#true} #1733#return; {606#true} is VALID [2022-02-20 18:00:20,765 INFO L290 TraceCheckUtils]: 12: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {606#true} is VALID [2022-02-20 18:00:20,765 INFO L272 TraceCheckUtils]: 13: Hoare triple {606#true} call select_features_#t~ret52#1 := select_one(); {606#true} is VALID [2022-02-20 18:00:20,766 INFO L290 TraceCheckUtils]: 14: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,766 INFO L290 TraceCheckUtils]: 15: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,766 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {606#true} {606#true} #1735#return; {606#true} is VALID [2022-02-20 18:00:20,766 INFO L290 TraceCheckUtils]: 17: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {606#true} is VALID [2022-02-20 18:00:20,767 INFO L272 TraceCheckUtils]: 18: Hoare triple {606#true} call select_features_#t~ret53#1 := select_one(); {606#true} is VALID [2022-02-20 18:00:20,767 INFO L290 TraceCheckUtils]: 19: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,767 INFO L290 TraceCheckUtils]: 20: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,767 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {606#true} {606#true} #1737#return; {606#true} is VALID [2022-02-20 18:00:20,767 INFO L290 TraceCheckUtils]: 22: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {606#true} is VALID [2022-02-20 18:00:20,768 INFO L272 TraceCheckUtils]: 23: Hoare triple {606#true} call select_features_#t~ret54#1 := select_one(); {606#true} is VALID [2022-02-20 18:00:20,768 INFO L290 TraceCheckUtils]: 24: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,768 INFO L290 TraceCheckUtils]: 25: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,768 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {606#true} {606#true} #1739#return; {606#true} is VALID [2022-02-20 18:00:20,768 INFO L290 TraceCheckUtils]: 27: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {606#true} is VALID [2022-02-20 18:00:20,768 INFO L272 TraceCheckUtils]: 28: Hoare triple {606#true} call select_features_#t~ret55#1 := select_one(); {606#true} is VALID [2022-02-20 18:00:20,769 INFO L290 TraceCheckUtils]: 29: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,769 INFO L290 TraceCheckUtils]: 30: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,769 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {606#true} {606#true} #1741#return; {606#true} is VALID [2022-02-20 18:00:20,769 INFO L290 TraceCheckUtils]: 32: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {606#true} is VALID [2022-02-20 18:00:20,769 INFO L272 TraceCheckUtils]: 33: Hoare triple {606#true} call select_features_#t~ret56#1 := select_one(); {606#true} is VALID [2022-02-20 18:00:20,770 INFO L290 TraceCheckUtils]: 34: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,770 INFO L290 TraceCheckUtils]: 35: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,770 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {606#true} {606#true} #1743#return; {606#true} is VALID [2022-02-20 18:00:20,770 INFO L290 TraceCheckUtils]: 37: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {606#true} is VALID [2022-02-20 18:00:20,770 INFO L272 TraceCheckUtils]: 38: Hoare triple {606#true} call select_features_#t~ret57#1 := select_one(); {606#true} is VALID [2022-02-20 18:00:20,771 INFO L290 TraceCheckUtils]: 39: Hoare triple {606#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {606#true} is VALID [2022-02-20 18:00:20,771 INFO L290 TraceCheckUtils]: 40: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,771 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {606#true} {606#true} #1745#return; {606#true} is VALID [2022-02-20 18:00:20,771 INFO L290 TraceCheckUtils]: 42: Hoare triple {606#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {606#true} is VALID [2022-02-20 18:00:20,771 INFO L290 TraceCheckUtils]: 43: Hoare triple {606#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {606#true} is VALID [2022-02-20 18:00:20,772 INFO L290 TraceCheckUtils]: 44: Hoare triple {606#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {606#true} is VALID [2022-02-20 18:00:20,772 INFO L290 TraceCheckUtils]: 45: Hoare triple {606#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~15#1 := 0; {606#true} is VALID [2022-02-20 18:00:20,772 INFO L290 TraceCheckUtils]: 46: Hoare triple {606#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {606#true} is VALID [2022-02-20 18:00:20,772 INFO L290 TraceCheckUtils]: 47: Hoare triple {606#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {606#true} is VALID [2022-02-20 18:00:20,772 INFO L290 TraceCheckUtils]: 48: Hoare triple {606#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {606#true} is VALID [2022-02-20 18:00:20,773 INFO L290 TraceCheckUtils]: 49: Hoare triple {606#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {606#true} is VALID [2022-02-20 18:00:20,774 INFO L272 TraceCheckUtils]: 50: Hoare triple {606#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,774 INFO L290 TraceCheckUtils]: 51: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {606#true} is VALID [2022-02-20 18:00:20,774 INFO L272 TraceCheckUtils]: 52: Hoare triple {606#true} call setClientId(~bob___0, ~bob___0); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,775 INFO L290 TraceCheckUtils]: 53: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,775 INFO L290 TraceCheckUtils]: 54: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,775 INFO L290 TraceCheckUtils]: 55: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,775 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {606#true} {606#true} #1729#return; {606#true} is VALID [2022-02-20 18:00:20,775 INFO L290 TraceCheckUtils]: 57: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,776 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {606#true} {606#true} #1751#return; {606#true} is VALID [2022-02-20 18:00:20,776 INFO L290 TraceCheckUtils]: 59: Hoare triple {606#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {606#true} is VALID [2022-02-20 18:00:20,776 INFO L290 TraceCheckUtils]: 60: Hoare triple {606#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {606#true} is VALID [2022-02-20 18:00:20,777 INFO L272 TraceCheckUtils]: 61: Hoare triple {606#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,777 INFO L290 TraceCheckUtils]: 62: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {606#true} is VALID [2022-02-20 18:00:20,778 INFO L272 TraceCheckUtils]: 63: Hoare triple {606#true} call setClientId(~rjh___0, ~rjh___0); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,778 INFO L290 TraceCheckUtils]: 64: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,778 INFO L290 TraceCheckUtils]: 65: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,778 INFO L290 TraceCheckUtils]: 66: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,778 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {606#true} {606#true} #1681#return; {606#true} is VALID [2022-02-20 18:00:20,778 INFO L290 TraceCheckUtils]: 68: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,779 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {606#true} {606#true} #1757#return; {606#true} is VALID [2022-02-20 18:00:20,779 INFO L290 TraceCheckUtils]: 70: Hoare triple {606#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {606#true} is VALID [2022-02-20 18:00:20,779 INFO L290 TraceCheckUtils]: 71: Hoare triple {606#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {606#true} is VALID [2022-02-20 18:00:20,780 INFO L272 TraceCheckUtils]: 72: Hoare triple {606#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,780 INFO L290 TraceCheckUtils]: 73: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {606#true} is VALID [2022-02-20 18:00:20,781 INFO L272 TraceCheckUtils]: 74: Hoare triple {606#true} call setClientId(~chuck___0, ~chuck___0); {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:20,781 INFO L290 TraceCheckUtils]: 75: Hoare triple {676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,781 INFO L290 TraceCheckUtils]: 76: Hoare triple {606#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,781 INFO L290 TraceCheckUtils]: 77: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,781 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {606#true} {606#true} #1623#return; {606#true} is VALID [2022-02-20 18:00:20,782 INFO L290 TraceCheckUtils]: 79: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,782 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {606#true} {606#true} #1763#return; {606#true} is VALID [2022-02-20 18:00:20,782 INFO L290 TraceCheckUtils]: 81: Hoare triple {606#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {606#true} is VALID [2022-02-20 18:00:20,782 INFO L290 TraceCheckUtils]: 82: Hoare triple {606#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {606#true} is VALID [2022-02-20 18:00:20,783 INFO L290 TraceCheckUtils]: 83: Hoare triple {606#true} assume !true; {607#false} is VALID [2022-02-20 18:00:20,783 INFO L290 TraceCheckUtils]: 84: Hoare triple {607#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {607#false} is VALID [2022-02-20 18:00:20,783 INFO L272 TraceCheckUtils]: 85: Hoare triple {607#false} call sendEmail(~bob~0, ~rjh~0); {607#false} is VALID [2022-02-20 18:00:20,784 INFO L290 TraceCheckUtils]: 86: Hoare triple {607#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {607#false} is VALID [2022-02-20 18:00:20,784 INFO L272 TraceCheckUtils]: 87: Hoare triple {607#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {689#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:20,784 INFO L290 TraceCheckUtils]: 88: Hoare triple {689#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,784 INFO L290 TraceCheckUtils]: 89: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,784 INFO L290 TraceCheckUtils]: 90: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,784 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {606#true} {607#false} #1645#return; {607#false} is VALID [2022-02-20 18:00:20,785 INFO L272 TraceCheckUtils]: 92: Hoare triple {607#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {690#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:20,785 INFO L290 TraceCheckUtils]: 93: Hoare triple {690#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,785 INFO L290 TraceCheckUtils]: 94: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,785 INFO L290 TraceCheckUtils]: 95: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,785 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {606#true} {607#false} #1647#return; {607#false} is VALID [2022-02-20 18:00:20,786 INFO L290 TraceCheckUtils]: 97: Hoare triple {607#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {607#false} is VALID [2022-02-20 18:00:20,786 INFO L290 TraceCheckUtils]: 98: Hoare triple {607#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {607#false} is VALID [2022-02-20 18:00:20,786 INFO L272 TraceCheckUtils]: 99: Hoare triple {607#false} call outgoing(~sender#1, ~email~0#1); {607#false} is VALID [2022-02-20 18:00:20,786 INFO L290 TraceCheckUtils]: 100: Hoare triple {607#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {607#false} is VALID [2022-02-20 18:00:20,786 INFO L290 TraceCheckUtils]: 101: Hoare triple {607#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {607#false} is VALID [2022-02-20 18:00:20,787 INFO L272 TraceCheckUtils]: 102: Hoare triple {607#false} call outgoing__before__Sign(~client#1, ~msg#1); {607#false} is VALID [2022-02-20 18:00:20,787 INFO L290 TraceCheckUtils]: 103: Hoare triple {607#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {607#false} is VALID [2022-02-20 18:00:20,787 INFO L290 TraceCheckUtils]: 104: Hoare triple {607#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {607#false} is VALID [2022-02-20 18:00:20,787 INFO L272 TraceCheckUtils]: 105: Hoare triple {607#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {607#false} is VALID [2022-02-20 18:00:20,787 INFO L290 TraceCheckUtils]: 106: Hoare triple {607#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {607#false} is VALID [2022-02-20 18:00:20,787 INFO L290 TraceCheckUtils]: 107: Hoare triple {607#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {607#false} is VALID [2022-02-20 18:00:20,788 INFO L272 TraceCheckUtils]: 108: Hoare triple {607#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {607#false} is VALID [2022-02-20 18:00:20,788 INFO L290 TraceCheckUtils]: 109: Hoare triple {607#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {607#false} is VALID [2022-02-20 18:00:20,788 INFO L290 TraceCheckUtils]: 110: Hoare triple {607#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {607#false} is VALID [2022-02-20 18:00:20,788 INFO L290 TraceCheckUtils]: 111: Hoare triple {607#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {607#false} is VALID [2022-02-20 18:00:20,789 INFO L272 TraceCheckUtils]: 112: Hoare triple {607#false} call setEmailFrom(~msg#1, ~tmp~2#1); {689#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:20,789 INFO L290 TraceCheckUtils]: 113: Hoare triple {689#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {606#true} is VALID [2022-02-20 18:00:20,789 INFO L290 TraceCheckUtils]: 114: Hoare triple {606#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {606#true} is VALID [2022-02-20 18:00:20,789 INFO L290 TraceCheckUtils]: 115: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,789 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {606#true} {607#false} #1657#return; {607#false} is VALID [2022-02-20 18:00:20,789 INFO L290 TraceCheckUtils]: 117: Hoare triple {607#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {607#false} is VALID [2022-02-20 18:00:20,790 INFO L272 TraceCheckUtils]: 118: Hoare triple {607#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {606#true} is VALID [2022-02-20 18:00:20,790 INFO L290 TraceCheckUtils]: 119: Hoare triple {606#true} ~handle := #in~handle;havoc ~retValue_acc~33; {606#true} is VALID [2022-02-20 18:00:20,790 INFO L290 TraceCheckUtils]: 120: Hoare triple {606#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {606#true} is VALID [2022-02-20 18:00:20,790 INFO L290 TraceCheckUtils]: 121: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,790 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {606#true} {607#false} #1659#return; {607#false} is VALID [2022-02-20 18:00:20,791 INFO L290 TraceCheckUtils]: 123: Hoare triple {607#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {607#false} is VALID [2022-02-20 18:00:20,791 INFO L290 TraceCheckUtils]: 124: Hoare triple {607#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {607#false} is VALID [2022-02-20 18:00:20,791 INFO L272 TraceCheckUtils]: 125: Hoare triple {607#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {606#true} is VALID [2022-02-20 18:00:20,791 INFO L290 TraceCheckUtils]: 126: Hoare triple {606#true} ~handle := #in~handle;havoc ~retValue_acc~15; {606#true} is VALID [2022-02-20 18:00:20,791 INFO L290 TraceCheckUtils]: 127: Hoare triple {606#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {606#true} is VALID [2022-02-20 18:00:20,791 INFO L290 TraceCheckUtils]: 128: Hoare triple {606#true} assume true; {606#true} is VALID [2022-02-20 18:00:20,792 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {606#true} {607#false} #1661#return; {607#false} is VALID [2022-02-20 18:00:20,792 INFO L290 TraceCheckUtils]: 130: Hoare triple {607#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {607#false} is VALID [2022-02-20 18:00:20,803 INFO L290 TraceCheckUtils]: 131: Hoare triple {607#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {607#false} is VALID [2022-02-20 18:00:20,803 INFO L290 TraceCheckUtils]: 132: Hoare triple {607#false} assume !false; {607#false} is VALID [2022-02-20 18:00:20,804 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:00:20,805 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:20,806 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1913441940] [2022-02-20 18:00:20,806 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1913441940] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:20,806 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:20,807 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:00:20,808 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [394925102] [2022-02-20 18:00:20,808 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:20,813 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 2 states have internal predecessors, (67), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 133 [2022-02-20 18:00:20,814 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:20,817 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 13.4) internal successors, (67), 2 states have internal predecessors, (67), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:20,916 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 110 edges. 110 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:20,916 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:00:20,916 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:20,930 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:00:20,931 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:00:20,935 INFO L87 Difference]: Start difference. First operand has 603 states, 448 states have (on average 1.515625) internal successors, (679), 468 states have internal predecessors, (679), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) Second operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 2 states have internal predecessors, (67), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:25,476 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:25,477 INFO L93 Difference]: Finished difference Result 1078 states and 1627 transitions. [2022-02-20 18:00:25,477 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:00:25,477 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 2 states have internal predecessors, (67), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 133 [2022-02-20 18:00:25,478 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:25,479 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 2 states have internal predecessors, (67), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:25,528 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1627 transitions. [2022-02-20 18:00:25,529 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 2 states have internal predecessors, (67), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:25,556 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1627 transitions. [2022-02-20 18:00:25,557 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1627 transitions. [2022-02-20 18:00:27,163 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1627 edges. 1627 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:27,253 INFO L225 Difference]: With dead ends: 1078 [2022-02-20 18:00:27,253 INFO L226 Difference]: Without dead ends: 737 [2022-02-20 18:00:27,259 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 48 GetRequests, 41 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:27,262 INFO L933 BasicCegarLoop]: 928 mSDtfsCounter, 1341 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 532 mSolverCounterSat, 624 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1348 SdHoareTripleChecker+Valid, 1642 SdHoareTripleChecker+Invalid, 1156 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 624 IncrementalHoareTripleChecker+Valid, 532 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:27,275 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1348 Valid, 1642 Invalid, 1156 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [624 Valid, 532 Invalid, 0 Unknown, 0 Unchecked, 1.8s Time] [2022-02-20 18:00:27,288 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 737 states. [2022-02-20 18:00:27,366 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 737 to 596. [2022-02-20 18:00:27,366 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:27,369 INFO L82 GeneralOperation]: Start isEquivalent. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:00:27,372 INFO L74 IsIncluded]: Start isIncluded. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:00:27,374 INFO L87 Difference]: Start difference. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:00:27,407 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:27,407 INFO L93 Difference]: Finished difference Result 737 states and 1126 transitions. [2022-02-20 18:00:27,408 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1126 transitions. [2022-02-20 18:00:27,412 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:27,412 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:27,418 INFO L74 IsIncluded]: Start isIncluded. First operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 737 states. [2022-02-20 18:00:27,420 INFO L87 Difference]: Start difference. First operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 737 states. [2022-02-20 18:00:27,485 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:27,485 INFO L93 Difference]: Finished difference Result 737 states and 1126 transitions. [2022-02-20 18:00:27,485 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1126 transitions. [2022-02-20 18:00:27,488 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:27,489 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:27,489 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:27,489 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:27,491 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 596 states, 442 states have (on average 1.51131221719457) internal successors, (668), 461 states have internal predecessors, (668), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:00:27,517 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 596 states to 596 states and 887 transitions. [2022-02-20 18:00:27,519 INFO L78 Accepts]: Start accepts. Automaton has 596 states and 887 transitions. Word has length 133 [2022-02-20 18:00:27,520 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:27,520 INFO L470 AbstractCegarLoop]: Abstraction has 596 states and 887 transitions. [2022-02-20 18:00:27,521 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 2 states have internal predecessors, (67), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:27,521 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 887 transitions. [2022-02-20 18:00:27,528 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 135 [2022-02-20 18:00:27,529 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:27,529 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:27,529 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:00:27,530 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:27,531 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:27,531 INFO L85 PathProgramCache]: Analyzing trace with hash 1887142888, now seen corresponding path program 1 times [2022-02-20 18:00:27,531 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:27,531 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1525240261] [2022-02-20 18:00:27,531 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:27,532 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:27,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:00:27,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,675 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,675 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4512#true} {4512#true} #1731#return; {4512#true} is VALID [2022-02-20 18:00:27,675 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:00:27,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,680 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4512#true} {4512#true} #1733#return; {4512#true} is VALID [2022-02-20 18:00:27,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:00:27,683 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,687 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4512#true} {4512#true} #1735#return; {4512#true} is VALID [2022-02-20 18:00:27,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:27,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,693 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,693 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,693 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4512#true} {4512#true} #1737#return; {4512#true} is VALID [2022-02-20 18:00:27,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:00:27,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,698 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4512#true} {4512#true} #1739#return; {4512#true} is VALID [2022-02-20 18:00:27,698 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:00:27,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,704 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4512#true} {4512#true} #1741#return; {4512#true} is VALID [2022-02-20 18:00:27,704 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:00:27,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,713 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4512#true} {4512#true} #1743#return; {4512#true} is VALID [2022-02-20 18:00:27,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:00:27,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,718 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,718 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4512#true} {4512#true} #1745#return; {4512#true} is VALID [2022-02-20 18:00:27,723 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:00:27,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,729 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:27,729 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,733 INFO L290 TraceCheckUtils]: 0: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,733 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4512#true} {4512#true} #1729#return; {4512#true} is VALID [2022-02-20 18:00:27,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4512#true} is VALID [2022-02-20 18:00:27,734 INFO L272 TraceCheckUtils]: 1: Hoare triple {4512#true} call setClientId(~bob___0, ~bob___0); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,734 INFO L290 TraceCheckUtils]: 2: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,735 INFO L290 TraceCheckUtils]: 3: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,735 INFO L290 TraceCheckUtils]: 4: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,735 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4512#true} {4512#true} #1729#return; {4512#true} is VALID [2022-02-20 18:00:27,735 INFO L290 TraceCheckUtils]: 6: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,735 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4512#true} {4513#false} #1751#return; {4513#false} is VALID [2022-02-20 18:00:27,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:00:27,737 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:27,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,745 INFO L290 TraceCheckUtils]: 0: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,745 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,746 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,746 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4512#true} {4512#true} #1681#return; {4512#true} is VALID [2022-02-20 18:00:27,746 INFO L290 TraceCheckUtils]: 0: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4512#true} is VALID [2022-02-20 18:00:27,750 INFO L272 TraceCheckUtils]: 1: Hoare triple {4512#true} call setClientId(~rjh___0, ~rjh___0); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,763 INFO L290 TraceCheckUtils]: 2: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,763 INFO L290 TraceCheckUtils]: 3: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,764 INFO L290 TraceCheckUtils]: 4: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,764 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4512#true} {4512#true} #1681#return; {4512#true} is VALID [2022-02-20 18:00:27,764 INFO L290 TraceCheckUtils]: 6: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,764 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4512#true} {4513#false} #1757#return; {4513#false} is VALID [2022-02-20 18:00:27,764 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:00:27,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,769 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:27,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,771 INFO L290 TraceCheckUtils]: 0: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,772 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4512#true} {4512#true} #1623#return; {4512#true} is VALID [2022-02-20 18:00:27,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4512#true} is VALID [2022-02-20 18:00:27,773 INFO L272 TraceCheckUtils]: 1: Hoare triple {4512#true} call setClientId(~chuck___0, ~chuck___0); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,773 INFO L290 TraceCheckUtils]: 2: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,773 INFO L290 TraceCheckUtils]: 3: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,773 INFO L290 TraceCheckUtils]: 4: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,773 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4512#true} {4512#true} #1623#return; {4512#true} is VALID [2022-02-20 18:00:27,773 INFO L290 TraceCheckUtils]: 6: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,774 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4512#true} {4513#false} #1763#return; {4513#false} is VALID [2022-02-20 18:00:27,779 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:00:27,780 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,782 INFO L290 TraceCheckUtils]: 0: Hoare triple {4598#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,782 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,782 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,784 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4512#true} {4513#false} #1645#return; {4513#false} is VALID [2022-02-20 18:00:27,790 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:00:27,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,793 INFO L290 TraceCheckUtils]: 0: Hoare triple {4599#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,793 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,793 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,793 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4512#true} {4513#false} #1647#return; {4513#false} is VALID [2022-02-20 18:00:27,794 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:00:27,795 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {4598#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,797 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4512#true} {4513#false} #1657#return; {4513#false} is VALID [2022-02-20 18:00:27,797 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:00:27,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} ~handle := #in~handle;havoc ~retValue_acc~33; {4512#true} is VALID [2022-02-20 18:00:27,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {4512#true} is VALID [2022-02-20 18:00:27,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,800 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4512#true} {4513#false} #1659#return; {4513#false} is VALID [2022-02-20 18:00:27,801 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:00:27,801 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:27,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} ~handle := #in~handle;havoc ~retValue_acc~15; {4512#true} is VALID [2022-02-20 18:00:27,803 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {4512#true} is VALID [2022-02-20 18:00:27,804 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,804 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4512#true} {4513#false} #1661#return; {4513#false} is VALID [2022-02-20 18:00:27,804 INFO L290 TraceCheckUtils]: 0: Hoare triple {4512#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {4512#true} is VALID [2022-02-20 18:00:27,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {4512#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4512#true} is VALID [2022-02-20 18:00:27,804 INFO L290 TraceCheckUtils]: 2: Hoare triple {4512#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {4512#true} is VALID [2022-02-20 18:00:27,804 INFO L272 TraceCheckUtils]: 3: Hoare triple {4512#true} call select_features_#t~ret50#1 := select_one(); {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L290 TraceCheckUtils]: 4: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L290 TraceCheckUtils]: 5: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4512#true} {4512#true} #1731#return; {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L290 TraceCheckUtils]: 7: Hoare triple {4512#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L272 TraceCheckUtils]: 8: Hoare triple {4512#true} call select_features_#t~ret51#1 := select_one(); {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L290 TraceCheckUtils]: 9: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L290 TraceCheckUtils]: 10: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4512#true} {4512#true} #1733#return; {4512#true} is VALID [2022-02-20 18:00:27,805 INFO L290 TraceCheckUtils]: 12: Hoare triple {4512#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {4512#true} is VALID [2022-02-20 18:00:27,806 INFO L272 TraceCheckUtils]: 13: Hoare triple {4512#true} call select_features_#t~ret52#1 := select_one(); {4512#true} is VALID [2022-02-20 18:00:27,806 INFO L290 TraceCheckUtils]: 14: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,806 INFO L290 TraceCheckUtils]: 15: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,806 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4512#true} {4512#true} #1735#return; {4512#true} is VALID [2022-02-20 18:00:27,806 INFO L290 TraceCheckUtils]: 17: Hoare triple {4512#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {4512#true} is VALID [2022-02-20 18:00:27,806 INFO L272 TraceCheckUtils]: 18: Hoare triple {4512#true} call select_features_#t~ret53#1 := select_one(); {4512#true} is VALID [2022-02-20 18:00:27,806 INFO L290 TraceCheckUtils]: 19: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,806 INFO L290 TraceCheckUtils]: 20: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,807 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4512#true} {4512#true} #1737#return; {4512#true} is VALID [2022-02-20 18:00:27,807 INFO L290 TraceCheckUtils]: 22: Hoare triple {4512#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {4512#true} is VALID [2022-02-20 18:00:27,807 INFO L272 TraceCheckUtils]: 23: Hoare triple {4512#true} call select_features_#t~ret54#1 := select_one(); {4512#true} is VALID [2022-02-20 18:00:27,807 INFO L290 TraceCheckUtils]: 24: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,807 INFO L290 TraceCheckUtils]: 25: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,807 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4512#true} {4512#true} #1739#return; {4512#true} is VALID [2022-02-20 18:00:27,807 INFO L290 TraceCheckUtils]: 27: Hoare triple {4512#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {4512#true} is VALID [2022-02-20 18:00:27,807 INFO L272 TraceCheckUtils]: 28: Hoare triple {4512#true} call select_features_#t~ret55#1 := select_one(); {4512#true} is VALID [2022-02-20 18:00:27,808 INFO L290 TraceCheckUtils]: 29: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,808 INFO L290 TraceCheckUtils]: 30: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,808 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4512#true} {4512#true} #1741#return; {4512#true} is VALID [2022-02-20 18:00:27,808 INFO L290 TraceCheckUtils]: 32: Hoare triple {4512#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {4512#true} is VALID [2022-02-20 18:00:27,808 INFO L272 TraceCheckUtils]: 33: Hoare triple {4512#true} call select_features_#t~ret56#1 := select_one(); {4512#true} is VALID [2022-02-20 18:00:27,808 INFO L290 TraceCheckUtils]: 34: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,808 INFO L290 TraceCheckUtils]: 35: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,808 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4512#true} {4512#true} #1743#return; {4512#true} is VALID [2022-02-20 18:00:27,809 INFO L290 TraceCheckUtils]: 37: Hoare triple {4512#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {4512#true} is VALID [2022-02-20 18:00:27,809 INFO L272 TraceCheckUtils]: 38: Hoare triple {4512#true} call select_features_#t~ret57#1 := select_one(); {4512#true} is VALID [2022-02-20 18:00:27,809 INFO L290 TraceCheckUtils]: 39: Hoare triple {4512#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {4512#true} is VALID [2022-02-20 18:00:27,809 INFO L290 TraceCheckUtils]: 40: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,809 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4512#true} {4512#true} #1745#return; {4512#true} is VALID [2022-02-20 18:00:27,809 INFO L290 TraceCheckUtils]: 42: Hoare triple {4512#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {4512#true} is VALID [2022-02-20 18:00:27,809 INFO L290 TraceCheckUtils]: 43: Hoare triple {4512#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {4512#true} is VALID [2022-02-20 18:00:27,809 INFO L290 TraceCheckUtils]: 44: Hoare triple {4512#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4512#true} is VALID [2022-02-20 18:00:27,810 INFO L290 TraceCheckUtils]: 45: Hoare triple {4512#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~15#1 := 0; {4538#(= |ULTIMATE.start_valid_product_~tmp~15#1| 0)} is VALID [2022-02-20 18:00:27,810 INFO L290 TraceCheckUtils]: 46: Hoare triple {4538#(= |ULTIMATE.start_valid_product_~tmp~15#1| 0)} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {4539#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 18:00:27,811 INFO L290 TraceCheckUtils]: 47: Hoare triple {4539#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {4540#(= |ULTIMATE.start_main_~tmp~17#1| 0)} is VALID [2022-02-20 18:00:27,811 INFO L290 TraceCheckUtils]: 48: Hoare triple {4540#(= |ULTIMATE.start_main_~tmp~17#1| 0)} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4513#false} is VALID [2022-02-20 18:00:27,811 INFO L290 TraceCheckUtils]: 49: Hoare triple {4513#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4513#false} is VALID [2022-02-20 18:00:27,811 INFO L272 TraceCheckUtils]: 50: Hoare triple {4513#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,811 INFO L290 TraceCheckUtils]: 51: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4512#true} is VALID [2022-02-20 18:00:27,812 INFO L272 TraceCheckUtils]: 52: Hoare triple {4512#true} call setClientId(~bob___0, ~bob___0); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,812 INFO L290 TraceCheckUtils]: 53: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,812 INFO L290 TraceCheckUtils]: 54: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,812 INFO L290 TraceCheckUtils]: 55: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,812 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4512#true} {4512#true} #1729#return; {4512#true} is VALID [2022-02-20 18:00:27,813 INFO L290 TraceCheckUtils]: 57: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,813 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4512#true} {4513#false} #1751#return; {4513#false} is VALID [2022-02-20 18:00:27,813 INFO L290 TraceCheckUtils]: 59: Hoare triple {4513#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4513#false} is VALID [2022-02-20 18:00:27,813 INFO L290 TraceCheckUtils]: 60: Hoare triple {4513#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4513#false} is VALID [2022-02-20 18:00:27,813 INFO L272 TraceCheckUtils]: 61: Hoare triple {4513#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,813 INFO L290 TraceCheckUtils]: 62: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4512#true} is VALID [2022-02-20 18:00:27,814 INFO L272 TraceCheckUtils]: 63: Hoare triple {4512#true} call setClientId(~rjh___0, ~rjh___0); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,814 INFO L290 TraceCheckUtils]: 64: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,814 INFO L290 TraceCheckUtils]: 65: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,814 INFO L290 TraceCheckUtils]: 66: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,814 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4512#true} {4512#true} #1681#return; {4512#true} is VALID [2022-02-20 18:00:27,814 INFO L290 TraceCheckUtils]: 68: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,814 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4512#true} {4513#false} #1757#return; {4513#false} is VALID [2022-02-20 18:00:27,815 INFO L290 TraceCheckUtils]: 70: Hoare triple {4513#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4513#false} is VALID [2022-02-20 18:00:27,815 INFO L290 TraceCheckUtils]: 71: Hoare triple {4513#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4513#false} is VALID [2022-02-20 18:00:27,815 INFO L272 TraceCheckUtils]: 72: Hoare triple {4513#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,815 INFO L290 TraceCheckUtils]: 73: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4512#true} is VALID [2022-02-20 18:00:27,816 INFO L272 TraceCheckUtils]: 74: Hoare triple {4512#true} call setClientId(~chuck___0, ~chuck___0); {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:27,816 INFO L290 TraceCheckUtils]: 75: Hoare triple {4585#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,816 INFO L290 TraceCheckUtils]: 76: Hoare triple {4512#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,816 INFO L290 TraceCheckUtils]: 77: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,816 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4512#true} {4512#true} #1623#return; {4512#true} is VALID [2022-02-20 18:00:27,816 INFO L290 TraceCheckUtils]: 79: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,816 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4512#true} {4513#false} #1763#return; {4513#false} is VALID [2022-02-20 18:00:27,816 INFO L290 TraceCheckUtils]: 81: Hoare triple {4513#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {4513#false} is VALID [2022-02-20 18:00:27,817 INFO L290 TraceCheckUtils]: 82: Hoare triple {4513#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4513#false} is VALID [2022-02-20 18:00:27,817 INFO L290 TraceCheckUtils]: 83: Hoare triple {4513#false} assume !false; {4513#false} is VALID [2022-02-20 18:00:27,817 INFO L290 TraceCheckUtils]: 84: Hoare triple {4513#false} assume !(test_~splverifierCounter~0#1 < 4); {4513#false} is VALID [2022-02-20 18:00:27,817 INFO L290 TraceCheckUtils]: 85: Hoare triple {4513#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {4513#false} is VALID [2022-02-20 18:00:27,817 INFO L272 TraceCheckUtils]: 86: Hoare triple {4513#false} call sendEmail(~bob~0, ~rjh~0); {4513#false} is VALID [2022-02-20 18:00:27,817 INFO L290 TraceCheckUtils]: 87: Hoare triple {4513#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4513#false} is VALID [2022-02-20 18:00:27,817 INFO L272 TraceCheckUtils]: 88: Hoare triple {4513#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4598#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:27,817 INFO L290 TraceCheckUtils]: 89: Hoare triple {4598#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,818 INFO L290 TraceCheckUtils]: 90: Hoare triple {4512#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,818 INFO L290 TraceCheckUtils]: 91: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,818 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4512#true} {4513#false} #1645#return; {4513#false} is VALID [2022-02-20 18:00:27,818 INFO L272 TraceCheckUtils]: 93: Hoare triple {4513#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4599#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:27,818 INFO L290 TraceCheckUtils]: 94: Hoare triple {4599#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,818 INFO L290 TraceCheckUtils]: 95: Hoare triple {4512#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,818 INFO L290 TraceCheckUtils]: 96: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,818 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4512#true} {4513#false} #1647#return; {4513#false} is VALID [2022-02-20 18:00:27,819 INFO L290 TraceCheckUtils]: 98: Hoare triple {4513#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {4513#false} is VALID [2022-02-20 18:00:27,819 INFO L290 TraceCheckUtils]: 99: Hoare triple {4513#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {4513#false} is VALID [2022-02-20 18:00:27,819 INFO L272 TraceCheckUtils]: 100: Hoare triple {4513#false} call outgoing(~sender#1, ~email~0#1); {4513#false} is VALID [2022-02-20 18:00:27,819 INFO L290 TraceCheckUtils]: 101: Hoare triple {4513#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4513#false} is VALID [2022-02-20 18:00:27,819 INFO L290 TraceCheckUtils]: 102: Hoare triple {4513#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4513#false} is VALID [2022-02-20 18:00:27,819 INFO L272 TraceCheckUtils]: 103: Hoare triple {4513#false} call outgoing__before__Sign(~client#1, ~msg#1); {4513#false} is VALID [2022-02-20 18:00:27,819 INFO L290 TraceCheckUtils]: 104: Hoare triple {4513#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4513#false} is VALID [2022-02-20 18:00:27,819 INFO L290 TraceCheckUtils]: 105: Hoare triple {4513#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4513#false} is VALID [2022-02-20 18:00:27,820 INFO L272 TraceCheckUtils]: 106: Hoare triple {4513#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4513#false} is VALID [2022-02-20 18:00:27,820 INFO L290 TraceCheckUtils]: 107: Hoare triple {4513#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4513#false} is VALID [2022-02-20 18:00:27,820 INFO L290 TraceCheckUtils]: 108: Hoare triple {4513#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4513#false} is VALID [2022-02-20 18:00:27,820 INFO L272 TraceCheckUtils]: 109: Hoare triple {4513#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4513#false} is VALID [2022-02-20 18:00:27,820 INFO L290 TraceCheckUtils]: 110: Hoare triple {4513#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {4513#false} is VALID [2022-02-20 18:00:27,820 INFO L290 TraceCheckUtils]: 111: Hoare triple {4513#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {4513#false} is VALID [2022-02-20 18:00:27,820 INFO L290 TraceCheckUtils]: 112: Hoare triple {4513#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {4513#false} is VALID [2022-02-20 18:00:27,820 INFO L272 TraceCheckUtils]: 113: Hoare triple {4513#false} call setEmailFrom(~msg#1, ~tmp~2#1); {4598#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:27,821 INFO L290 TraceCheckUtils]: 114: Hoare triple {4598#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4512#true} is VALID [2022-02-20 18:00:27,821 INFO L290 TraceCheckUtils]: 115: Hoare triple {4512#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4512#true} is VALID [2022-02-20 18:00:27,821 INFO L290 TraceCheckUtils]: 116: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,821 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4512#true} {4513#false} #1657#return; {4513#false} is VALID [2022-02-20 18:00:27,821 INFO L290 TraceCheckUtils]: 118: Hoare triple {4513#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {4513#false} is VALID [2022-02-20 18:00:27,821 INFO L272 TraceCheckUtils]: 119: Hoare triple {4513#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {4512#true} is VALID [2022-02-20 18:00:27,821 INFO L290 TraceCheckUtils]: 120: Hoare triple {4512#true} ~handle := #in~handle;havoc ~retValue_acc~33; {4512#true} is VALID [2022-02-20 18:00:27,821 INFO L290 TraceCheckUtils]: 121: Hoare triple {4512#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {4512#true} is VALID [2022-02-20 18:00:27,822 INFO L290 TraceCheckUtils]: 122: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,822 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {4512#true} {4513#false} #1659#return; {4513#false} is VALID [2022-02-20 18:00:27,822 INFO L290 TraceCheckUtils]: 124: Hoare triple {4513#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {4513#false} is VALID [2022-02-20 18:00:27,822 INFO L290 TraceCheckUtils]: 125: Hoare triple {4513#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {4513#false} is VALID [2022-02-20 18:00:27,822 INFO L272 TraceCheckUtils]: 126: Hoare triple {4513#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {4512#true} is VALID [2022-02-20 18:00:27,822 INFO L290 TraceCheckUtils]: 127: Hoare triple {4512#true} ~handle := #in~handle;havoc ~retValue_acc~15; {4512#true} is VALID [2022-02-20 18:00:27,822 INFO L290 TraceCheckUtils]: 128: Hoare triple {4512#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {4512#true} is VALID [2022-02-20 18:00:27,822 INFO L290 TraceCheckUtils]: 129: Hoare triple {4512#true} assume true; {4512#true} is VALID [2022-02-20 18:00:27,822 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {4512#true} {4513#false} #1661#return; {4513#false} is VALID [2022-02-20 18:00:27,823 INFO L290 TraceCheckUtils]: 131: Hoare triple {4513#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {4513#false} is VALID [2022-02-20 18:00:27,823 INFO L290 TraceCheckUtils]: 132: Hoare triple {4513#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {4513#false} is VALID [2022-02-20 18:00:27,823 INFO L290 TraceCheckUtils]: 133: Hoare triple {4513#false} assume !false; {4513#false} is VALID [2022-02-20 18:00:27,823 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:00:27,823 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:27,824 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1525240261] [2022-02-20 18:00:27,824 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1525240261] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:27,824 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:27,824 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:00:27,824 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [541773659] [2022-02-20 18:00:27,824 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:27,826 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 134 [2022-02-20 18:00:27,826 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:27,826 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:27,908 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 111 edges. 111 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:27,908 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:00:27,908 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:27,909 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:00:27,909 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:00:27,909 INFO L87 Difference]: Start difference. First operand 596 states and 887 transitions. Second operand has 8 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:36,615 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:36,615 INFO L93 Difference]: Finished difference Result 1297 states and 1957 transitions. [2022-02-20 18:00:36,615 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:00:36,616 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 134 [2022-02-20 18:00:36,617 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:36,617 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:36,639 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1957 transitions. [2022-02-20 18:00:36,639 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:36,660 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1957 transitions. [2022-02-20 18:00:36,660 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1957 transitions. [2022-02-20 18:00:38,374 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1957 edges. 1957 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:38,416 INFO L225 Difference]: With dead ends: 1297 [2022-02-20 18:00:38,421 INFO L226 Difference]: Without dead ends: 737 [2022-02-20 18:00:38,422 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 41 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:00:38,423 INFO L933 BasicCegarLoop]: 912 mSDtfsCounter, 1349 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2945 mSolverCounterSat, 639 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1356 SdHoareTripleChecker+Valid, 2386 SdHoareTripleChecker+Invalid, 3584 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 639 IncrementalHoareTripleChecker+Valid, 2945 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:38,439 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1356 Valid, 2386 Invalid, 3584 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [639 Valid, 2945 Invalid, 0 Unknown, 0 Unchecked, 4.0s Time] [2022-02-20 18:00:38,441 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 737 states. [2022-02-20 18:00:38,470 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 737 to 596. [2022-02-20 18:00:38,470 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:38,472 INFO L82 GeneralOperation]: Start isEquivalent. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:00:38,473 INFO L74 IsIncluded]: Start isIncluded. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:00:38,474 INFO L87 Difference]: Start difference. First operand 737 states. Second operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:00:38,497 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:38,497 INFO L93 Difference]: Finished difference Result 737 states and 1119 transitions. [2022-02-20 18:00:38,498 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1119 transitions. [2022-02-20 18:00:38,500 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:38,500 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:38,502 INFO L74 IsIncluded]: Start isIncluded. First operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 737 states. [2022-02-20 18:00:38,503 INFO L87 Difference]: Start difference. First operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 737 states. [2022-02-20 18:00:38,525 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:38,526 INFO L93 Difference]: Finished difference Result 737 states and 1119 transitions. [2022-02-20 18:00:38,526 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1119 transitions. [2022-02-20 18:00:38,528 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:38,528 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:38,528 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:38,528 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:38,530 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 596 states, 442 states have (on average 1.495475113122172) internal successors, (661), 461 states have internal predecessors, (661), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:00:38,548 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 596 states to 596 states and 880 transitions. [2022-02-20 18:00:38,548 INFO L78 Accepts]: Start accepts. Automaton has 596 states and 880 transitions. Word has length 134 [2022-02-20 18:00:38,548 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:38,549 INFO L470 AbstractCegarLoop]: Abstraction has 596 states and 880 transitions. [2022-02-20 18:00:38,550 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 2 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:38,550 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 880 transitions. [2022-02-20 18:00:38,553 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 140 [2022-02-20 18:00:38,553 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:38,553 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:38,554 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:00:38,554 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:38,554 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:38,554 INFO L85 PathProgramCache]: Analyzing trace with hash -1817414579, now seen corresponding path program 1 times [2022-02-20 18:00:38,554 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:38,555 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [197425522] [2022-02-20 18:00:38,555 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:38,555 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:38,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:00:38,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,650 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8716#true} {8716#true} #1731#return; {8716#true} is VALID [2022-02-20 18:00:38,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:00:38,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,658 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,658 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8716#true} {8716#true} #1733#return; {8716#true} is VALID [2022-02-20 18:00:38,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:00:38,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,663 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,663 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8716#true} {8716#true} #1735#return; {8716#true} is VALID [2022-02-20 18:00:38,663 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:38,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,673 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8716#true} {8716#true} #1737#return; {8716#true} is VALID [2022-02-20 18:00:38,673 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:00:38,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,679 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8716#true} {8716#true} #1739#return; {8716#true} is VALID [2022-02-20 18:00:38,679 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:00:38,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,684 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,685 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,685 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8716#true} {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} #1741#return; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:00:38,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,692 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8716#true} {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} #1743#return; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:00:38,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,698 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8716#true} {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} #1745#return; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:00:38,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:38,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,708 INFO L290 TraceCheckUtils]: 0: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,708 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,708 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,708 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8716#true} {8716#true} #1729#return; {8716#true} is VALID [2022-02-20 18:00:38,708 INFO L290 TraceCheckUtils]: 0: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8716#true} is VALID [2022-02-20 18:00:38,709 INFO L272 TraceCheckUtils]: 1: Hoare triple {8716#true} call setClientId(~bob___0, ~bob___0); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,709 INFO L290 TraceCheckUtils]: 2: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,709 INFO L290 TraceCheckUtils]: 3: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,710 INFO L290 TraceCheckUtils]: 4: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,710 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8716#true} {8716#true} #1729#return; {8716#true} is VALID [2022-02-20 18:00:38,710 INFO L290 TraceCheckUtils]: 6: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,710 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8716#true} {8717#false} #1751#return; {8717#false} is VALID [2022-02-20 18:00:38,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:00:38,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,720 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:38,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,724 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,724 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8716#true} {8716#true} #1681#return; {8716#true} is VALID [2022-02-20 18:00:38,725 INFO L290 TraceCheckUtils]: 0: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8716#true} is VALID [2022-02-20 18:00:38,725 INFO L272 TraceCheckUtils]: 1: Hoare triple {8716#true} call setClientId(~rjh___0, ~rjh___0); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,725 INFO L290 TraceCheckUtils]: 3: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,725 INFO L290 TraceCheckUtils]: 4: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,726 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8716#true} {8716#true} #1681#return; {8716#true} is VALID [2022-02-20 18:00:38,726 INFO L290 TraceCheckUtils]: 6: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,726 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8716#true} {8717#false} #1757#return; {8717#false} is VALID [2022-02-20 18:00:38,726 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:00:38,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:38,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,733 INFO L290 TraceCheckUtils]: 0: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,733 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8716#true} {8716#true} #1623#return; {8716#true} is VALID [2022-02-20 18:00:38,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8716#true} is VALID [2022-02-20 18:00:38,734 INFO L272 TraceCheckUtils]: 1: Hoare triple {8716#true} call setClientId(~chuck___0, ~chuck___0); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,734 INFO L290 TraceCheckUtils]: 2: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,734 INFO L290 TraceCheckUtils]: 3: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,735 INFO L290 TraceCheckUtils]: 4: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,735 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8716#true} {8716#true} #1623#return; {8716#true} is VALID [2022-02-20 18:00:38,735 INFO L290 TraceCheckUtils]: 6: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,735 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8716#true} {8717#false} #1763#return; {8717#false} is VALID [2022-02-20 18:00:38,739 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:00:38,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,742 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,743 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8716#true} {8717#false} #1645#return; {8717#false} is VALID [2022-02-20 18:00:38,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:00:38,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,752 INFO L290 TraceCheckUtils]: 0: Hoare triple {8801#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,752 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,752 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,752 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8716#true} {8717#false} #1647#return; {8717#false} is VALID [2022-02-20 18:00:38,752 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:00:38,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,757 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,757 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8716#true} {8717#false} #1657#return; {8717#false} is VALID [2022-02-20 18:00:38,757 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:00:38,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,759 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} ~handle := #in~handle;havoc ~retValue_acc~33; {8716#true} is VALID [2022-02-20 18:00:38,759 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {8716#true} is VALID [2022-02-20 18:00:38,760 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,760 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8716#true} {8717#false} #1659#return; {8717#false} is VALID [2022-02-20 18:00:38,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 18:00:38,760 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:38,762 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} ~handle := #in~handle;havoc ~retValue_acc~15; {8716#true} is VALID [2022-02-20 18:00:38,762 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {8716#true} is VALID [2022-02-20 18:00:38,762 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,762 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8716#true} {8717#false} #1661#return; {8717#false} is VALID [2022-02-20 18:00:38,767 INFO L290 TraceCheckUtils]: 0: Hoare triple {8716#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {8716#true} is VALID [2022-02-20 18:00:38,768 INFO L290 TraceCheckUtils]: 1: Hoare triple {8716#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8716#true} is VALID [2022-02-20 18:00:38,768 INFO L290 TraceCheckUtils]: 2: Hoare triple {8716#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {8716#true} is VALID [2022-02-20 18:00:38,768 INFO L272 TraceCheckUtils]: 3: Hoare triple {8716#true} call select_features_#t~ret50#1 := select_one(); {8716#true} is VALID [2022-02-20 18:00:38,768 INFO L290 TraceCheckUtils]: 4: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,768 INFO L290 TraceCheckUtils]: 5: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,768 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8716#true} {8716#true} #1731#return; {8716#true} is VALID [2022-02-20 18:00:38,768 INFO L290 TraceCheckUtils]: 7: Hoare triple {8716#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L272 TraceCheckUtils]: 8: Hoare triple {8716#true} call select_features_#t~ret51#1 := select_one(); {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L290 TraceCheckUtils]: 9: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L290 TraceCheckUtils]: 10: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8716#true} {8716#true} #1733#return; {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L290 TraceCheckUtils]: 12: Hoare triple {8716#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L272 TraceCheckUtils]: 13: Hoare triple {8716#true} call select_features_#t~ret52#1 := select_one(); {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L290 TraceCheckUtils]: 14: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L290 TraceCheckUtils]: 15: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,769 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8716#true} {8716#true} #1735#return; {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L290 TraceCheckUtils]: 17: Hoare triple {8716#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L272 TraceCheckUtils]: 18: Hoare triple {8716#true} call select_features_#t~ret53#1 := select_one(); {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L290 TraceCheckUtils]: 19: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L290 TraceCheckUtils]: 20: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8716#true} {8716#true} #1737#return; {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L290 TraceCheckUtils]: 22: Hoare triple {8716#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L272 TraceCheckUtils]: 23: Hoare triple {8716#true} call select_features_#t~ret54#1 := select_one(); {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L290 TraceCheckUtils]: 24: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,770 INFO L290 TraceCheckUtils]: 25: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,771 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8716#true} {8716#true} #1739#return; {8716#true} is VALID [2022-02-20 18:00:38,771 INFO L290 TraceCheckUtils]: 27: Hoare triple {8716#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,771 INFO L272 TraceCheckUtils]: 28: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} call select_features_#t~ret55#1 := select_one(); {8716#true} is VALID [2022-02-20 18:00:38,771 INFO L290 TraceCheckUtils]: 29: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,771 INFO L290 TraceCheckUtils]: 30: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,772 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8716#true} {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} #1741#return; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,772 INFO L290 TraceCheckUtils]: 32: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,772 INFO L272 TraceCheckUtils]: 33: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} call select_features_#t~ret56#1 := select_one(); {8716#true} is VALID [2022-02-20 18:00:38,772 INFO L290 TraceCheckUtils]: 34: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,772 INFO L290 TraceCheckUtils]: 35: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,773 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8716#true} {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} #1743#return; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,773 INFO L290 TraceCheckUtils]: 37: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,773 INFO L272 TraceCheckUtils]: 38: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} call select_features_#t~ret57#1 := select_one(); {8716#true} is VALID [2022-02-20 18:00:38,773 INFO L290 TraceCheckUtils]: 39: Hoare triple {8716#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {8716#true} is VALID [2022-02-20 18:00:38,773 INFO L290 TraceCheckUtils]: 40: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,774 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8716#true} {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} #1745#return; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,774 INFO L290 TraceCheckUtils]: 42: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,774 INFO L290 TraceCheckUtils]: 43: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,775 INFO L290 TraceCheckUtils]: 44: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,775 INFO L290 TraceCheckUtils]: 45: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,775 INFO L290 TraceCheckUtils]: 46: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} is VALID [2022-02-20 18:00:38,775 INFO L290 TraceCheckUtils]: 47: Hoare triple {8733#(= ~__SELECTED_FEATURE_Sign~0 1)} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8717#false} is VALID [2022-02-20 18:00:38,776 INFO L290 TraceCheckUtils]: 48: Hoare triple {8717#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8717#false} is VALID [2022-02-20 18:00:38,776 INFO L290 TraceCheckUtils]: 49: Hoare triple {8717#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8717#false} is VALID [2022-02-20 18:00:38,776 INFO L290 TraceCheckUtils]: 50: Hoare triple {8717#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {8717#false} is VALID [2022-02-20 18:00:38,776 INFO L290 TraceCheckUtils]: 51: Hoare triple {8717#false} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {8717#false} is VALID [2022-02-20 18:00:38,776 INFO L290 TraceCheckUtils]: 52: Hoare triple {8717#false} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {8717#false} is VALID [2022-02-20 18:00:38,776 INFO L290 TraceCheckUtils]: 53: Hoare triple {8717#false} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8717#false} is VALID [2022-02-20 18:00:38,776 INFO L290 TraceCheckUtils]: 54: Hoare triple {8717#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8717#false} is VALID [2022-02-20 18:00:38,776 INFO L272 TraceCheckUtils]: 55: Hoare triple {8717#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,776 INFO L290 TraceCheckUtils]: 56: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8716#true} is VALID [2022-02-20 18:00:38,777 INFO L272 TraceCheckUtils]: 57: Hoare triple {8716#true} call setClientId(~bob___0, ~bob___0); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,777 INFO L290 TraceCheckUtils]: 58: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,777 INFO L290 TraceCheckUtils]: 59: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,777 INFO L290 TraceCheckUtils]: 60: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,777 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8716#true} {8716#true} #1729#return; {8716#true} is VALID [2022-02-20 18:00:38,778 INFO L290 TraceCheckUtils]: 62: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,778 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8716#true} {8717#false} #1751#return; {8717#false} is VALID [2022-02-20 18:00:38,778 INFO L290 TraceCheckUtils]: 64: Hoare triple {8717#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8717#false} is VALID [2022-02-20 18:00:38,778 INFO L290 TraceCheckUtils]: 65: Hoare triple {8717#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8717#false} is VALID [2022-02-20 18:00:38,778 INFO L272 TraceCheckUtils]: 66: Hoare triple {8717#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,778 INFO L290 TraceCheckUtils]: 67: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8716#true} is VALID [2022-02-20 18:00:38,779 INFO L272 TraceCheckUtils]: 68: Hoare triple {8716#true} call setClientId(~rjh___0, ~rjh___0); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,779 INFO L290 TraceCheckUtils]: 69: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,779 INFO L290 TraceCheckUtils]: 70: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,779 INFO L290 TraceCheckUtils]: 71: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,779 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8716#true} {8716#true} #1681#return; {8716#true} is VALID [2022-02-20 18:00:38,779 INFO L290 TraceCheckUtils]: 73: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,779 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8716#true} {8717#false} #1757#return; {8717#false} is VALID [2022-02-20 18:00:38,779 INFO L290 TraceCheckUtils]: 75: Hoare triple {8717#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8717#false} is VALID [2022-02-20 18:00:38,779 INFO L290 TraceCheckUtils]: 76: Hoare triple {8717#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8717#false} is VALID [2022-02-20 18:00:38,780 INFO L272 TraceCheckUtils]: 77: Hoare triple {8717#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,780 INFO L290 TraceCheckUtils]: 78: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8716#true} is VALID [2022-02-20 18:00:38,780 INFO L272 TraceCheckUtils]: 79: Hoare triple {8716#true} call setClientId(~chuck___0, ~chuck___0); {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:38,780 INFO L290 TraceCheckUtils]: 80: Hoare triple {8787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,781 INFO L290 TraceCheckUtils]: 81: Hoare triple {8716#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,781 INFO L290 TraceCheckUtils]: 82: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,781 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8716#true} {8716#true} #1623#return; {8716#true} is VALID [2022-02-20 18:00:38,781 INFO L290 TraceCheckUtils]: 84: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,781 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8716#true} {8717#false} #1763#return; {8717#false} is VALID [2022-02-20 18:00:38,782 INFO L290 TraceCheckUtils]: 86: Hoare triple {8717#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {8717#false} is VALID [2022-02-20 18:00:38,782 INFO L290 TraceCheckUtils]: 87: Hoare triple {8717#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8717#false} is VALID [2022-02-20 18:00:38,782 INFO L290 TraceCheckUtils]: 88: Hoare triple {8717#false} assume !false; {8717#false} is VALID [2022-02-20 18:00:38,782 INFO L290 TraceCheckUtils]: 89: Hoare triple {8717#false} assume !(test_~splverifierCounter~0#1 < 4); {8717#false} is VALID [2022-02-20 18:00:38,782 INFO L290 TraceCheckUtils]: 90: Hoare triple {8717#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {8717#false} is VALID [2022-02-20 18:00:38,782 INFO L272 TraceCheckUtils]: 91: Hoare triple {8717#false} call sendEmail(~bob~0, ~rjh~0); {8717#false} is VALID [2022-02-20 18:00:38,782 INFO L290 TraceCheckUtils]: 92: Hoare triple {8717#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8717#false} is VALID [2022-02-20 18:00:38,782 INFO L272 TraceCheckUtils]: 93: Hoare triple {8717#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8800#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:38,782 INFO L290 TraceCheckUtils]: 94: Hoare triple {8800#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,783 INFO L290 TraceCheckUtils]: 95: Hoare triple {8716#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,783 INFO L290 TraceCheckUtils]: 96: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,783 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8716#true} {8717#false} #1645#return; {8717#false} is VALID [2022-02-20 18:00:38,783 INFO L272 TraceCheckUtils]: 98: Hoare triple {8717#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8801#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:38,783 INFO L290 TraceCheckUtils]: 99: Hoare triple {8801#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,783 INFO L290 TraceCheckUtils]: 100: Hoare triple {8716#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,783 INFO L290 TraceCheckUtils]: 101: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,783 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8716#true} {8717#false} #1647#return; {8717#false} is VALID [2022-02-20 18:00:38,783 INFO L290 TraceCheckUtils]: 103: Hoare triple {8717#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L290 TraceCheckUtils]: 104: Hoare triple {8717#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L272 TraceCheckUtils]: 105: Hoare triple {8717#false} call outgoing(~sender#1, ~email~0#1); {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L290 TraceCheckUtils]: 106: Hoare triple {8717#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L290 TraceCheckUtils]: 107: Hoare triple {8717#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L272 TraceCheckUtils]: 108: Hoare triple {8717#false} call outgoing__before__Sign(~client#1, ~msg#1); {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L290 TraceCheckUtils]: 109: Hoare triple {8717#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L290 TraceCheckUtils]: 110: Hoare triple {8717#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L272 TraceCheckUtils]: 111: Hoare triple {8717#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L290 TraceCheckUtils]: 112: Hoare triple {8717#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8717#false} is VALID [2022-02-20 18:00:38,784 INFO L290 TraceCheckUtils]: 113: Hoare triple {8717#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8717#false} is VALID [2022-02-20 18:00:38,785 INFO L272 TraceCheckUtils]: 114: Hoare triple {8717#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8717#false} is VALID [2022-02-20 18:00:38,785 INFO L290 TraceCheckUtils]: 115: Hoare triple {8717#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {8717#false} is VALID [2022-02-20 18:00:38,785 INFO L290 TraceCheckUtils]: 116: Hoare triple {8717#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {8717#false} is VALID [2022-02-20 18:00:38,785 INFO L290 TraceCheckUtils]: 117: Hoare triple {8717#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {8717#false} is VALID [2022-02-20 18:00:38,785 INFO L272 TraceCheckUtils]: 118: Hoare triple {8717#false} call setEmailFrom(~msg#1, ~tmp~2#1); {8800#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:38,785 INFO L290 TraceCheckUtils]: 119: Hoare triple {8800#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8716#true} is VALID [2022-02-20 18:00:38,785 INFO L290 TraceCheckUtils]: 120: Hoare triple {8716#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8716#true} is VALID [2022-02-20 18:00:38,785 INFO L290 TraceCheckUtils]: 121: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,785 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8716#true} {8717#false} #1657#return; {8717#false} is VALID [2022-02-20 18:00:38,786 INFO L290 TraceCheckUtils]: 123: Hoare triple {8717#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {8717#false} is VALID [2022-02-20 18:00:38,786 INFO L272 TraceCheckUtils]: 124: Hoare triple {8717#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {8716#true} is VALID [2022-02-20 18:00:38,786 INFO L290 TraceCheckUtils]: 125: Hoare triple {8716#true} ~handle := #in~handle;havoc ~retValue_acc~33; {8716#true} is VALID [2022-02-20 18:00:38,786 INFO L290 TraceCheckUtils]: 126: Hoare triple {8716#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {8716#true} is VALID [2022-02-20 18:00:38,787 INFO L290 TraceCheckUtils]: 127: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,787 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {8716#true} {8717#false} #1659#return; {8717#false} is VALID [2022-02-20 18:00:38,787 INFO L290 TraceCheckUtils]: 129: Hoare triple {8717#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {8717#false} is VALID [2022-02-20 18:00:38,787 INFO L290 TraceCheckUtils]: 130: Hoare triple {8717#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {8717#false} is VALID [2022-02-20 18:00:38,788 INFO L272 TraceCheckUtils]: 131: Hoare triple {8717#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {8716#true} is VALID [2022-02-20 18:00:38,788 INFO L290 TraceCheckUtils]: 132: Hoare triple {8716#true} ~handle := #in~handle;havoc ~retValue_acc~15; {8716#true} is VALID [2022-02-20 18:00:38,788 INFO L290 TraceCheckUtils]: 133: Hoare triple {8716#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {8716#true} is VALID [2022-02-20 18:00:38,788 INFO L290 TraceCheckUtils]: 134: Hoare triple {8716#true} assume true; {8716#true} is VALID [2022-02-20 18:00:38,788 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {8716#true} {8717#false} #1661#return; {8717#false} is VALID [2022-02-20 18:00:38,788 INFO L290 TraceCheckUtils]: 136: Hoare triple {8717#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {8717#false} is VALID [2022-02-20 18:00:38,788 INFO L290 TraceCheckUtils]: 137: Hoare triple {8717#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {8717#false} is VALID [2022-02-20 18:00:38,788 INFO L290 TraceCheckUtils]: 138: Hoare triple {8717#false} assume !false; {8717#false} is VALID [2022-02-20 18:00:38,789 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:00:38,789 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:38,789 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [197425522] [2022-02-20 18:00:38,789 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [197425522] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:38,790 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:38,790 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:00:38,790 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1046672409] [2022-02-20 18:00:38,790 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:38,792 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) Word has length 139 [2022-02-20 18:00:38,792 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:38,792 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:00:38,857 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 116 edges. 116 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:38,857 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:00:38,857 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:38,858 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:00:38,858 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:00:38,859 INFO L87 Difference]: Start difference. First operand 596 states and 880 transitions. Second operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:00:44,234 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:44,234 INFO L93 Difference]: Finished difference Result 1303 states and 1978 transitions. [2022-02-20 18:00:44,234 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:00:44,235 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) Word has length 139 [2022-02-20 18:00:44,235 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:44,235 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:00:44,258 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1978 transitions. [2022-02-20 18:00:44,259 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:00:44,283 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1978 transitions. [2022-02-20 18:00:44,283 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1978 transitions. [2022-02-20 18:00:46,014 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1978 edges. 1978 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:46,092 INFO L225 Difference]: With dead ends: 1303 [2022-02-20 18:00:46,094 INFO L226 Difference]: Without dead ends: 738 [2022-02-20 18:00:46,096 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 41 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:00:46,110 INFO L933 BasicCegarLoop]: 886 mSDtfsCounter, 2063 mSDsluCounter, 668 mSDsCounter, 0 mSdLazyCounter, 520 mSolverCounterSat, 830 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2090 SdHoareTripleChecker+Valid, 1554 SdHoareTripleChecker+Invalid, 1350 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 830 IncrementalHoareTripleChecker+Valid, 520 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:46,111 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2090 Valid, 1554 Invalid, 1350 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [830 Valid, 520 Invalid, 0 Unknown, 0 Unchecked, 2.2s Time] [2022-02-20 18:00:46,113 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 738 states. [2022-02-20 18:00:46,149 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 738 to 597. [2022-02-20 18:00:46,154 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:46,156 INFO L82 GeneralOperation]: Start isEquivalent. First operand 738 states. Second operand has 597 states, 444 states have (on average 1.4842342342342343) internal successors, (659), 461 states have internal predecessors, (659), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 18:00:46,157 INFO L74 IsIncluded]: Start isIncluded. First operand 738 states. Second operand has 597 states, 444 states have (on average 1.4842342342342343) internal successors, (659), 461 states have internal predecessors, (659), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 18:00:46,172 INFO L87 Difference]: Start difference. First operand 738 states. Second operand has 597 states, 444 states have (on average 1.4842342342342343) internal successors, (659), 461 states have internal predecessors, (659), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 18:00:46,203 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:46,214 INFO L93 Difference]: Finished difference Result 738 states and 1110 transitions. [2022-02-20 18:00:46,214 INFO L276 IsEmpty]: Start isEmpty. Operand 738 states and 1110 transitions. [2022-02-20 18:00:46,217 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:46,218 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:46,220 INFO L74 IsIncluded]: Start isIncluded. First operand has 597 states, 444 states have (on average 1.4842342342342343) internal successors, (659), 461 states have internal predecessors, (659), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) Second operand 738 states. [2022-02-20 18:00:46,221 INFO L87 Difference]: Start difference. First operand has 597 states, 444 states have (on average 1.4842342342342343) internal successors, (659), 461 states have internal predecessors, (659), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) Second operand 738 states. [2022-02-20 18:00:46,293 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:46,294 INFO L93 Difference]: Finished difference Result 738 states and 1110 transitions. [2022-02-20 18:00:46,294 INFO L276 IsEmpty]: Start isEmpty. Operand 738 states and 1110 transitions. [2022-02-20 18:00:46,297 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:46,311 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:46,311 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:46,312 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:46,314 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 597 states, 444 states have (on average 1.4842342342342343) internal successors, (659), 461 states have internal predecessors, (659), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 18:00:46,351 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 597 states to 597 states and 874 transitions. [2022-02-20 18:00:46,352 INFO L78 Accepts]: Start accepts. Automaton has 597 states and 874 transitions. Word has length 139 [2022-02-20 18:00:46,353 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:46,353 INFO L470 AbstractCegarLoop]: Abstraction has 597 states and 874 transitions. [2022-02-20 18:00:46,353 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (24), 5 states have call predecessors, (24), 1 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:00:46,353 INFO L276 IsEmpty]: Start isEmpty. Operand 597 states and 874 transitions. [2022-02-20 18:00:46,355 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 150 [2022-02-20 18:00:46,355 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:46,355 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:46,355 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:00:46,355 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:46,356 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:46,356 INFO L85 PathProgramCache]: Analyzing trace with hash -633923939, now seen corresponding path program 1 times [2022-02-20 18:00:46,356 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:46,363 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [371678996] [2022-02-20 18:00:46,364 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:46,364 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:46,434 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,500 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:00:46,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,504 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,505 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,505 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12928#true} {12928#true} #1731#return; {12928#true} is VALID [2022-02-20 18:00:46,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:00:46,507 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,509 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,509 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,509 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12928#true} {12928#true} #1733#return; {12928#true} is VALID [2022-02-20 18:00:46,510 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:00:46,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,525 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,525 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,528 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12928#true} {12928#true} #1735#return; {12928#true} is VALID [2022-02-20 18:00:46,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:46,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,535 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,535 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12928#true} {12928#true} #1737#return; {12928#true} is VALID [2022-02-20 18:00:46,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:00:46,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,547 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12928#true} {12928#true} #1739#return; {12928#true} is VALID [2022-02-20 18:00:46,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:00:46,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,552 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12928#true} {12928#true} #1741#return; {12928#true} is VALID [2022-02-20 18:00:46,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:00:46,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,567 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,568 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,568 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12928#true} {12928#true} #1743#return; {12928#true} is VALID [2022-02-20 18:00:46,568 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:00:46,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,572 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,572 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,572 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12928#true} {12928#true} #1745#return; {12928#true} is VALID [2022-02-20 18:00:46,576 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:00:46,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:46,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,596 INFO L290 TraceCheckUtils]: 0: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,597 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,597 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12928#true} #1729#return; {12928#true} is VALID [2022-02-20 18:00:46,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12928#true} is VALID [2022-02-20 18:00:46,598 INFO L272 TraceCheckUtils]: 1: Hoare triple {12928#true} call setClientId(~bob___0, ~bob___0); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,598 INFO L290 TraceCheckUtils]: 3: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,598 INFO L290 TraceCheckUtils]: 4: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,598 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12928#true} {12928#true} #1729#return; {12928#true} is VALID [2022-02-20 18:00:46,598 INFO L290 TraceCheckUtils]: 6: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,598 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12928#true} {12929#false} #1751#return; {12929#false} is VALID [2022-02-20 18:00:46,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:00:46,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,603 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:46,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,606 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,606 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,606 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12928#true} #1681#return; {12928#true} is VALID [2022-02-20 18:00:46,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12928#true} is VALID [2022-02-20 18:00:46,615 INFO L272 TraceCheckUtils]: 1: Hoare triple {12928#true} call setClientId(~rjh___0, ~rjh___0); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,615 INFO L290 TraceCheckUtils]: 3: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,616 INFO L290 TraceCheckUtils]: 4: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,616 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12928#true} {12928#true} #1681#return; {12928#true} is VALID [2022-02-20 18:00:46,616 INFO L290 TraceCheckUtils]: 6: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,616 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12928#true} {12929#false} #1757#return; {12929#false} is VALID [2022-02-20 18:00:46,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:00:46,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:46,622 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,629 INFO L290 TraceCheckUtils]: 0: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,630 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12928#true} #1623#return; {12928#true} is VALID [2022-02-20 18:00:46,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12928#true} is VALID [2022-02-20 18:00:46,631 INFO L272 TraceCheckUtils]: 1: Hoare triple {12928#true} call setClientId(~chuck___0, ~chuck___0); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,631 INFO L290 TraceCheckUtils]: 3: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,631 INFO L290 TraceCheckUtils]: 4: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,631 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12928#true} {12928#true} #1623#return; {12928#true} is VALID [2022-02-20 18:00:46,631 INFO L290 TraceCheckUtils]: 6: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,631 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12928#true} {12929#false} #1763#return; {12929#false} is VALID [2022-02-20 18:00:46,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:00:46,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {13016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,647 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,647 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12929#false} #1645#return; {12929#false} is VALID [2022-02-20 18:00:46,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:00:46,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,665 INFO L290 TraceCheckUtils]: 0: Hoare triple {13017#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,666 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,666 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,666 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12929#false} #1647#return; {12929#false} is VALID [2022-02-20 18:00:46,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:00:46,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} ~handle := #in~handle;havoc ~retValue_acc~15; {12928#true} is VALID [2022-02-20 18:00:46,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {12928#true} is VALID [2022-02-20 18:00:46,669 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,669 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12929#false} #1589#return; {12929#false} is VALID [2022-02-20 18:00:46,669 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:00:46,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {13016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,673 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12929#false} #1657#return; {12929#false} is VALID [2022-02-20 18:00:46,673 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 18:00:46,674 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,693 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} ~handle := #in~handle;havoc ~retValue_acc~33; {12928#true} is VALID [2022-02-20 18:00:46,693 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {12928#true} is VALID [2022-02-20 18:00:46,693 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,693 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12929#false} #1659#return; {12929#false} is VALID [2022-02-20 18:00:46,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 18:00:46,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:46,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} ~handle := #in~handle;havoc ~retValue_acc~15; {12928#true} is VALID [2022-02-20 18:00:46,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {12928#true} is VALID [2022-02-20 18:00:46,698 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,698 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12928#true} {12929#false} #1661#return; {12929#false} is VALID [2022-02-20 18:00:46,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {12928#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {12928#true} is VALID [2022-02-20 18:00:46,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {12928#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {12928#true} is VALID [2022-02-20 18:00:46,698 INFO L290 TraceCheckUtils]: 2: Hoare triple {12928#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {12928#true} is VALID [2022-02-20 18:00:46,699 INFO L272 TraceCheckUtils]: 3: Hoare triple {12928#true} call select_features_#t~ret50#1 := select_one(); {12928#true} is VALID [2022-02-20 18:00:46,699 INFO L290 TraceCheckUtils]: 4: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,699 INFO L290 TraceCheckUtils]: 5: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,699 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12928#true} {12928#true} #1731#return; {12928#true} is VALID [2022-02-20 18:00:46,699 INFO L290 TraceCheckUtils]: 7: Hoare triple {12928#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {12928#true} is VALID [2022-02-20 18:00:46,699 INFO L272 TraceCheckUtils]: 8: Hoare triple {12928#true} call select_features_#t~ret51#1 := select_one(); {12928#true} is VALID [2022-02-20 18:00:46,699 INFO L290 TraceCheckUtils]: 9: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,699 INFO L290 TraceCheckUtils]: 10: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,712 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {12928#true} {12928#true} #1733#return; {12928#true} is VALID [2022-02-20 18:00:46,712 INFO L290 TraceCheckUtils]: 12: Hoare triple {12928#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {12928#true} is VALID [2022-02-20 18:00:46,713 INFO L272 TraceCheckUtils]: 13: Hoare triple {12928#true} call select_features_#t~ret52#1 := select_one(); {12928#true} is VALID [2022-02-20 18:00:46,714 INFO L290 TraceCheckUtils]: 14: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,714 INFO L290 TraceCheckUtils]: 15: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,715 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12928#true} {12928#true} #1735#return; {12928#true} is VALID [2022-02-20 18:00:46,715 INFO L290 TraceCheckUtils]: 17: Hoare triple {12928#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {12928#true} is VALID [2022-02-20 18:00:46,715 INFO L272 TraceCheckUtils]: 18: Hoare triple {12928#true} call select_features_#t~ret53#1 := select_one(); {12928#true} is VALID [2022-02-20 18:00:46,715 INFO L290 TraceCheckUtils]: 19: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,715 INFO L290 TraceCheckUtils]: 20: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,715 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12928#true} {12928#true} #1737#return; {12928#true} is VALID [2022-02-20 18:00:46,715 INFO L290 TraceCheckUtils]: 22: Hoare triple {12928#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {12928#true} is VALID [2022-02-20 18:00:46,715 INFO L272 TraceCheckUtils]: 23: Hoare triple {12928#true} call select_features_#t~ret54#1 := select_one(); {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L290 TraceCheckUtils]: 24: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L290 TraceCheckUtils]: 25: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {12928#true} {12928#true} #1739#return; {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L290 TraceCheckUtils]: 27: Hoare triple {12928#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L272 TraceCheckUtils]: 28: Hoare triple {12928#true} call select_features_#t~ret55#1 := select_one(); {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L290 TraceCheckUtils]: 29: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L290 TraceCheckUtils]: 30: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {12928#true} {12928#true} #1741#return; {12928#true} is VALID [2022-02-20 18:00:46,716 INFO L290 TraceCheckUtils]: 32: Hoare triple {12928#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {12928#true} is VALID [2022-02-20 18:00:46,726 INFO L272 TraceCheckUtils]: 33: Hoare triple {12928#true} call select_features_#t~ret56#1 := select_one(); {12928#true} is VALID [2022-02-20 18:00:46,727 INFO L290 TraceCheckUtils]: 34: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,727 INFO L290 TraceCheckUtils]: 35: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,727 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12928#true} {12928#true} #1743#return; {12928#true} is VALID [2022-02-20 18:00:46,727 INFO L290 TraceCheckUtils]: 37: Hoare triple {12928#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {12928#true} is VALID [2022-02-20 18:00:46,727 INFO L272 TraceCheckUtils]: 38: Hoare triple {12928#true} call select_features_#t~ret57#1 := select_one(); {12928#true} is VALID [2022-02-20 18:00:46,727 INFO L290 TraceCheckUtils]: 39: Hoare triple {12928#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {12928#true} is VALID [2022-02-20 18:00:46,727 INFO L290 TraceCheckUtils]: 40: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,728 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12928#true} {12928#true} #1745#return; {12928#true} is VALID [2022-02-20 18:00:46,728 INFO L290 TraceCheckUtils]: 42: Hoare triple {12928#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {12928#true} is VALID [2022-02-20 18:00:46,728 INFO L290 TraceCheckUtils]: 43: Hoare triple {12928#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {12928#true} is VALID [2022-02-20 18:00:46,728 INFO L290 TraceCheckUtils]: 44: Hoare triple {12928#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12928#true} is VALID [2022-02-20 18:00:46,728 INFO L290 TraceCheckUtils]: 45: Hoare triple {12928#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {12928#true} is VALID [2022-02-20 18:00:46,728 INFO L290 TraceCheckUtils]: 46: Hoare triple {12928#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12928#true} is VALID [2022-02-20 18:00:46,728 INFO L290 TraceCheckUtils]: 47: Hoare triple {12928#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {12928#true} is VALID [2022-02-20 18:00:46,729 INFO L290 TraceCheckUtils]: 48: Hoare triple {12928#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {12954#(not (= ~__SELECTED_FEATURE_Verify~0 0))} is VALID [2022-02-20 18:00:46,729 INFO L290 TraceCheckUtils]: 49: Hoare triple {12954#(not (= ~__SELECTED_FEATURE_Verify~0 0))} assume 0 == ~__SELECTED_FEATURE_Verify~0; {12929#false} is VALID [2022-02-20 18:00:46,729 INFO L290 TraceCheckUtils]: 50: Hoare triple {12929#false} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {12929#false} is VALID [2022-02-20 18:00:46,729 INFO L290 TraceCheckUtils]: 51: Hoare triple {12929#false} assume 0 != ~__SELECTED_FEATURE_Keys~0; {12929#false} is VALID [2022-02-20 18:00:46,729 INFO L290 TraceCheckUtils]: 52: Hoare triple {12929#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {12929#false} is VALID [2022-02-20 18:00:46,730 INFO L290 TraceCheckUtils]: 53: Hoare triple {12929#false} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {12929#false} is VALID [2022-02-20 18:00:46,730 INFO L290 TraceCheckUtils]: 54: Hoare triple {12929#false} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {12929#false} is VALID [2022-02-20 18:00:46,730 INFO L290 TraceCheckUtils]: 55: Hoare triple {12929#false} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {12929#false} is VALID [2022-02-20 18:00:46,730 INFO L290 TraceCheckUtils]: 56: Hoare triple {12929#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12929#false} is VALID [2022-02-20 18:00:46,730 INFO L272 TraceCheckUtils]: 57: Hoare triple {12929#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,730 INFO L290 TraceCheckUtils]: 58: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12928#true} is VALID [2022-02-20 18:00:46,731 INFO L272 TraceCheckUtils]: 59: Hoare triple {12928#true} call setClientId(~bob___0, ~bob___0); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,731 INFO L290 TraceCheckUtils]: 60: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,731 INFO L290 TraceCheckUtils]: 61: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,731 INFO L290 TraceCheckUtils]: 62: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,731 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12928#true} {12928#true} #1729#return; {12928#true} is VALID [2022-02-20 18:00:46,731 INFO L290 TraceCheckUtils]: 64: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,731 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {12928#true} {12929#false} #1751#return; {12929#false} is VALID [2022-02-20 18:00:46,732 INFO L290 TraceCheckUtils]: 66: Hoare triple {12929#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {12929#false} is VALID [2022-02-20 18:00:46,732 INFO L290 TraceCheckUtils]: 67: Hoare triple {12929#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12929#false} is VALID [2022-02-20 18:00:46,732 INFO L272 TraceCheckUtils]: 68: Hoare triple {12929#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,732 INFO L290 TraceCheckUtils]: 69: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12928#true} is VALID [2022-02-20 18:00:46,732 INFO L272 TraceCheckUtils]: 70: Hoare triple {12928#true} call setClientId(~rjh___0, ~rjh___0); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,733 INFO L290 TraceCheckUtils]: 71: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,733 INFO L290 TraceCheckUtils]: 72: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,733 INFO L290 TraceCheckUtils]: 73: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,733 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12928#true} {12928#true} #1681#return; {12928#true} is VALID [2022-02-20 18:00:46,733 INFO L290 TraceCheckUtils]: 75: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,733 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {12928#true} {12929#false} #1757#return; {12929#false} is VALID [2022-02-20 18:00:46,733 INFO L290 TraceCheckUtils]: 77: Hoare triple {12929#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {12929#false} is VALID [2022-02-20 18:00:46,733 INFO L290 TraceCheckUtils]: 78: Hoare triple {12929#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12929#false} is VALID [2022-02-20 18:00:46,733 INFO L272 TraceCheckUtils]: 79: Hoare triple {12929#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,734 INFO L290 TraceCheckUtils]: 80: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12928#true} is VALID [2022-02-20 18:00:46,734 INFO L272 TraceCheckUtils]: 81: Hoare triple {12928#true} call setClientId(~chuck___0, ~chuck___0); {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:46,734 INFO L290 TraceCheckUtils]: 82: Hoare triple {13003#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,735 INFO L290 TraceCheckUtils]: 83: Hoare triple {12928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,735 INFO L290 TraceCheckUtils]: 84: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,735 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12928#true} {12928#true} #1623#return; {12928#true} is VALID [2022-02-20 18:00:46,735 INFO L290 TraceCheckUtils]: 86: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,735 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {12928#true} {12929#false} #1763#return; {12929#false} is VALID [2022-02-20 18:00:46,735 INFO L290 TraceCheckUtils]: 88: Hoare triple {12929#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {12929#false} is VALID [2022-02-20 18:00:46,735 INFO L290 TraceCheckUtils]: 89: Hoare triple {12929#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12929#false} is VALID [2022-02-20 18:00:46,736 INFO L290 TraceCheckUtils]: 90: Hoare triple {12929#false} assume !false; {12929#false} is VALID [2022-02-20 18:00:46,736 INFO L290 TraceCheckUtils]: 91: Hoare triple {12929#false} assume !(test_~splverifierCounter~0#1 < 4); {12929#false} is VALID [2022-02-20 18:00:46,736 INFO L290 TraceCheckUtils]: 92: Hoare triple {12929#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {12929#false} is VALID [2022-02-20 18:00:46,736 INFO L272 TraceCheckUtils]: 93: Hoare triple {12929#false} call sendEmail(~bob~0, ~rjh~0); {12929#false} is VALID [2022-02-20 18:00:46,736 INFO L290 TraceCheckUtils]: 94: Hoare triple {12929#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12929#false} is VALID [2022-02-20 18:00:46,736 INFO L272 TraceCheckUtils]: 95: Hoare triple {12929#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:46,736 INFO L290 TraceCheckUtils]: 96: Hoare triple {13016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,737 INFO L290 TraceCheckUtils]: 97: Hoare triple {12928#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,737 INFO L290 TraceCheckUtils]: 98: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,737 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {12928#true} {12929#false} #1645#return; {12929#false} is VALID [2022-02-20 18:00:46,737 INFO L272 TraceCheckUtils]: 100: Hoare triple {12929#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13017#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:46,745 INFO L290 TraceCheckUtils]: 101: Hoare triple {13017#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,746 INFO L290 TraceCheckUtils]: 102: Hoare triple {12928#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,746 INFO L290 TraceCheckUtils]: 103: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,746 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {12928#true} {12929#false} #1647#return; {12929#false} is VALID [2022-02-20 18:00:46,746 INFO L290 TraceCheckUtils]: 105: Hoare triple {12929#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {12929#false} is VALID [2022-02-20 18:00:46,746 INFO L290 TraceCheckUtils]: 106: Hoare triple {12929#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {12929#false} is VALID [2022-02-20 18:00:46,746 INFO L272 TraceCheckUtils]: 107: Hoare triple {12929#false} call outgoing(~sender#1, ~email~0#1); {12929#false} is VALID [2022-02-20 18:00:46,746 INFO L290 TraceCheckUtils]: 108: Hoare triple {12929#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12929#false} is VALID [2022-02-20 18:00:46,747 INFO L290 TraceCheckUtils]: 109: Hoare triple {12929#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {12929#false} is VALID [2022-02-20 18:00:46,747 INFO L272 TraceCheckUtils]: 110: Hoare triple {12929#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {12928#true} is VALID [2022-02-20 18:00:46,747 INFO L290 TraceCheckUtils]: 111: Hoare triple {12928#true} ~handle := #in~handle;havoc ~retValue_acc~15; {12928#true} is VALID [2022-02-20 18:00:46,747 INFO L290 TraceCheckUtils]: 112: Hoare triple {12928#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {12928#true} is VALID [2022-02-20 18:00:46,747 INFO L290 TraceCheckUtils]: 113: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,747 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {12928#true} {12929#false} #1589#return; {12929#false} is VALID [2022-02-20 18:00:46,747 INFO L290 TraceCheckUtils]: 115: Hoare triple {12929#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {12929#false} is VALID [2022-02-20 18:00:46,748 INFO L290 TraceCheckUtils]: 116: Hoare triple {12929#false} assume 0 == sign_~privkey~1#1; {12929#false} is VALID [2022-02-20 18:00:46,748 INFO L290 TraceCheckUtils]: 117: Hoare triple {12929#false} assume { :end_inline_sign } true; {12929#false} is VALID [2022-02-20 18:00:46,748 INFO L272 TraceCheckUtils]: 118: Hoare triple {12929#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {12929#false} is VALID [2022-02-20 18:00:46,748 INFO L290 TraceCheckUtils]: 119: Hoare triple {12929#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12929#false} is VALID [2022-02-20 18:00:46,748 INFO L290 TraceCheckUtils]: 120: Hoare triple {12929#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {12929#false} is VALID [2022-02-20 18:00:46,748 INFO L272 TraceCheckUtils]: 121: Hoare triple {12929#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {12929#false} is VALID [2022-02-20 18:00:46,748 INFO L290 TraceCheckUtils]: 122: Hoare triple {12929#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12929#false} is VALID [2022-02-20 18:00:46,749 INFO L290 TraceCheckUtils]: 123: Hoare triple {12929#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12929#false} is VALID [2022-02-20 18:00:46,749 INFO L272 TraceCheckUtils]: 124: Hoare triple {12929#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {12929#false} is VALID [2022-02-20 18:00:46,752 INFO L290 TraceCheckUtils]: 125: Hoare triple {12929#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {12929#false} is VALID [2022-02-20 18:00:46,753 INFO L290 TraceCheckUtils]: 126: Hoare triple {12929#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {12929#false} is VALID [2022-02-20 18:00:46,753 INFO L290 TraceCheckUtils]: 127: Hoare triple {12929#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {12929#false} is VALID [2022-02-20 18:00:46,753 INFO L272 TraceCheckUtils]: 128: Hoare triple {12929#false} call setEmailFrom(~msg#1, ~tmp~2#1); {13016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:46,753 INFO L290 TraceCheckUtils]: 129: Hoare triple {13016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12928#true} is VALID [2022-02-20 18:00:46,753 INFO L290 TraceCheckUtils]: 130: Hoare triple {12928#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12928#true} is VALID [2022-02-20 18:00:46,754 INFO L290 TraceCheckUtils]: 131: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,754 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {12928#true} {12929#false} #1657#return; {12929#false} is VALID [2022-02-20 18:00:46,754 INFO L290 TraceCheckUtils]: 133: Hoare triple {12929#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {12929#false} is VALID [2022-02-20 18:00:46,754 INFO L272 TraceCheckUtils]: 134: Hoare triple {12929#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {12928#true} is VALID [2022-02-20 18:00:46,754 INFO L290 TraceCheckUtils]: 135: Hoare triple {12928#true} ~handle := #in~handle;havoc ~retValue_acc~33; {12928#true} is VALID [2022-02-20 18:00:46,754 INFO L290 TraceCheckUtils]: 136: Hoare triple {12928#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {12928#true} is VALID [2022-02-20 18:00:46,755 INFO L290 TraceCheckUtils]: 137: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,755 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {12928#true} {12929#false} #1659#return; {12929#false} is VALID [2022-02-20 18:00:46,755 INFO L290 TraceCheckUtils]: 139: Hoare triple {12929#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {12929#false} is VALID [2022-02-20 18:00:46,755 INFO L290 TraceCheckUtils]: 140: Hoare triple {12929#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {12929#false} is VALID [2022-02-20 18:00:46,755 INFO L272 TraceCheckUtils]: 141: Hoare triple {12929#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {12928#true} is VALID [2022-02-20 18:00:46,755 INFO L290 TraceCheckUtils]: 142: Hoare triple {12928#true} ~handle := #in~handle;havoc ~retValue_acc~15; {12928#true} is VALID [2022-02-20 18:00:46,755 INFO L290 TraceCheckUtils]: 143: Hoare triple {12928#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {12928#true} is VALID [2022-02-20 18:00:46,755 INFO L290 TraceCheckUtils]: 144: Hoare triple {12928#true} assume true; {12928#true} is VALID [2022-02-20 18:00:46,756 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {12928#true} {12929#false} #1661#return; {12929#false} is VALID [2022-02-20 18:00:46,756 INFO L290 TraceCheckUtils]: 146: Hoare triple {12929#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {12929#false} is VALID [2022-02-20 18:00:46,756 INFO L290 TraceCheckUtils]: 147: Hoare triple {12929#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {12929#false} is VALID [2022-02-20 18:00:46,756 INFO L290 TraceCheckUtils]: 148: Hoare triple {12929#false} assume !false; {12929#false} is VALID [2022-02-20 18:00:46,757 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 18:00:46,757 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:46,757 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [371678996] [2022-02-20 18:00:46,757 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [371678996] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:46,757 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:46,757 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:00:46,757 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1998118810] [2022-02-20 18:00:46,758 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:46,758 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 149 [2022-02-20 18:00:46,759 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:46,759 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:46,931 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:46,931 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:00:46,931 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:46,932 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:00:46,932 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:00:46,932 INFO L87 Difference]: Start difference. First operand 597 states and 874 transitions. Second operand has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:53,008 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:53,008 INFO L93 Difference]: Finished difference Result 1296 states and 1952 transitions. [2022-02-20 18:00:53,009 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:00:53,009 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 149 [2022-02-20 18:00:53,009 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:53,010 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:53,049 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1950 transitions. [2022-02-20 18:00:53,050 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:53,086 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1950 transitions. [2022-02-20 18:00:53,107 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1950 transitions. [2022-02-20 18:00:54,703 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1950 edges. 1950 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:54,769 INFO L225 Difference]: With dead ends: 1296 [2022-02-20 18:00:54,783 INFO L226 Difference]: Without dead ends: 735 [2022-02-20 18:00:54,785 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:00:54,793 INFO L933 BasicCegarLoop]: 870 mSDtfsCounter, 2052 mSDsluCounter, 688 mSDsCounter, 0 mSdLazyCounter, 503 mSolverCounterSat, 821 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2079 SdHoareTripleChecker+Valid, 1558 SdHoareTripleChecker+Invalid, 1324 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 821 IncrementalHoareTripleChecker+Valid, 503 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:54,794 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2079 Valid, 1558 Invalid, 1324 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [821 Valid, 503 Invalid, 0 Unknown, 0 Unchecked, 2.2s Time] [2022-02-20 18:00:54,796 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 735 states. [2022-02-20 18:00:54,820 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 735 to 595. [2022-02-20 18:00:54,821 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:54,822 INFO L82 GeneralOperation]: Start isEquivalent. First operand 735 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 459 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:00:54,823 INFO L74 IsIncluded]: Start isIncluded. First operand 735 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 459 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:00:54,825 INFO L87 Difference]: Start difference. First operand 735 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 459 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:00:54,848 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:54,849 INFO L93 Difference]: Finished difference Result 735 states and 1099 transitions. [2022-02-20 18:00:54,849 INFO L276 IsEmpty]: Start isEmpty. Operand 735 states and 1099 transitions. [2022-02-20 18:00:54,850 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:54,851 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:54,852 INFO L74 IsIncluded]: Start isIncluded. First operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 459 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 735 states. [2022-02-20 18:00:54,854 INFO L87 Difference]: Start difference. First operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 459 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 735 states. [2022-02-20 18:00:54,876 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:54,876 INFO L93 Difference]: Finished difference Result 735 states and 1099 transitions. [2022-02-20 18:00:54,876 INFO L276 IsEmpty]: Start isEmpty. Operand 735 states and 1099 transitions. [2022-02-20 18:00:54,878 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:54,878 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:54,878 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:54,879 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:54,880 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 459 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:00:54,916 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 595 states to 595 states and 867 transitions. [2022-02-20 18:00:54,916 INFO L78 Accepts]: Start accepts. Automaton has 595 states and 867 transitions. Word has length 149 [2022-02-20 18:00:54,917 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:54,917 INFO L470 AbstractCegarLoop]: Abstraction has 595 states and 867 transitions. [2022-02-20 18:00:54,917 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:54,917 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 867 transitions. [2022-02-20 18:00:54,919 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 151 [2022-02-20 18:00:54,919 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:54,919 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:54,919 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:00:54,920 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:54,920 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:54,920 INFO L85 PathProgramCache]: Analyzing trace with hash 982930644, now seen corresponding path program 1 times [2022-02-20 18:00:54,920 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:54,921 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [235703619] [2022-02-20 18:00:54,921 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:54,921 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:54,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:00:54,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:54,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:54,999 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17121#true} {17121#true} #1731#return; {17121#true} is VALID [2022-02-20 18:00:55,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:00:55,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,004 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,004 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17121#true} {17121#true} #1733#return; {17121#true} is VALID [2022-02-20 18:00:55,004 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:00:55,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,009 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,009 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,009 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17121#true} {17121#true} #1735#return; {17121#true} is VALID [2022-02-20 18:00:55,009 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:55,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,014 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17121#true} {17121#true} #1737#return; {17121#true} is VALID [2022-02-20 18:00:55,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:00:55,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,020 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,020 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17121#true} {17121#true} #1739#return; {17121#true} is VALID [2022-02-20 18:00:55,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:00:55,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,024 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17121#true} {17121#true} #1741#return; {17121#true} is VALID [2022-02-20 18:00:55,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:00:55,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,028 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,028 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,028 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17121#true} {17121#true} #1743#return; {17121#true} is VALID [2022-02-20 18:00:55,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:00:55,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,032 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17121#true} {17121#true} #1745#return; {17121#true} is VALID [2022-02-20 18:00:55,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:00:55,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:55,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,042 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17121#true} #1729#return; {17121#true} is VALID [2022-02-20 18:00:55,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17121#true} is VALID [2022-02-20 18:00:55,043 INFO L272 TraceCheckUtils]: 1: Hoare triple {17121#true} call setClientId(~bob___0, ~bob___0); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,043 INFO L290 TraceCheckUtils]: 3: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,043 INFO L290 TraceCheckUtils]: 4: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,043 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17121#true} {17121#true} #1729#return; {17121#true} is VALID [2022-02-20 18:00:55,043 INFO L290 TraceCheckUtils]: 6: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,043 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17121#true} {17122#false} #1751#return; {17122#false} is VALID [2022-02-20 18:00:55,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:00:55,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:55,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17121#true} #1681#return; {17121#true} is VALID [2022-02-20 18:00:55,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17121#true} is VALID [2022-02-20 18:00:55,050 INFO L272 TraceCheckUtils]: 1: Hoare triple {17121#true} call setClientId(~rjh___0, ~rjh___0); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,050 INFO L290 TraceCheckUtils]: 3: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,050 INFO L290 TraceCheckUtils]: 4: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,050 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17121#true} {17121#true} #1681#return; {17121#true} is VALID [2022-02-20 18:00:55,050 INFO L290 TraceCheckUtils]: 6: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,051 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17121#true} {17122#false} #1757#return; {17122#false} is VALID [2022-02-20 18:00:55,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:00:55,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:00:55,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,057 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,057 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17121#true} #1623#return; {17121#true} is VALID [2022-02-20 18:00:55,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17121#true} is VALID [2022-02-20 18:00:55,058 INFO L272 TraceCheckUtils]: 1: Hoare triple {17121#true} call setClientId(~chuck___0, ~chuck___0); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,058 INFO L290 TraceCheckUtils]: 4: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,058 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17121#true} {17121#true} #1623#return; {17121#true} is VALID [2022-02-20 18:00:55,058 INFO L290 TraceCheckUtils]: 6: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,058 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17121#true} {17122#false} #1763#return; {17122#false} is VALID [2022-02-20 18:00:55,063 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:00:55,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,065 INFO L290 TraceCheckUtils]: 0: Hoare triple {17209#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,066 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17122#false} #1645#return; {17122#false} is VALID [2022-02-20 18:00:55,070 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:00:55,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {17210#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,073 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,073 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17122#false} #1647#return; {17122#false} is VALID [2022-02-20 18:00:55,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:00:55,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,075 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} ~handle := #in~handle;havoc ~retValue_acc~15; {17121#true} is VALID [2022-02-20 18:00:55,075 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {17121#true} is VALID [2022-02-20 18:00:55,075 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17122#false} #1589#return; {17122#false} is VALID [2022-02-20 18:00:55,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:00:55,076 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,078 INFO L290 TraceCheckUtils]: 0: Hoare triple {17209#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,078 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,078 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17122#false} #1657#return; {17122#false} is VALID [2022-02-20 18:00:55,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:00:55,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} ~handle := #in~handle;havoc ~retValue_acc~33; {17121#true} is VALID [2022-02-20 18:00:55,080 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {17121#true} is VALID [2022-02-20 18:00:55,080 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,081 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17122#false} #1659#return; {17122#false} is VALID [2022-02-20 18:00:55,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 18:00:55,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} ~handle := #in~handle;havoc ~retValue_acc~15; {17121#true} is VALID [2022-02-20 18:00:55,084 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {17121#true} is VALID [2022-02-20 18:00:55,084 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,084 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17121#true} {17122#false} #1661#return; {17122#false} is VALID [2022-02-20 18:00:55,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {17121#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {17121#true} is VALID [2022-02-20 18:00:55,084 INFO L290 TraceCheckUtils]: 1: Hoare triple {17121#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {17121#true} is VALID [2022-02-20 18:00:55,085 INFO L290 TraceCheckUtils]: 2: Hoare triple {17121#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {17121#true} is VALID [2022-02-20 18:00:55,085 INFO L272 TraceCheckUtils]: 3: Hoare triple {17121#true} call select_features_#t~ret50#1 := select_one(); {17121#true} is VALID [2022-02-20 18:00:55,085 INFO L290 TraceCheckUtils]: 4: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,085 INFO L290 TraceCheckUtils]: 5: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,085 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {17121#true} {17121#true} #1731#return; {17121#true} is VALID [2022-02-20 18:00:55,085 INFO L290 TraceCheckUtils]: 7: Hoare triple {17121#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {17121#true} is VALID [2022-02-20 18:00:55,085 INFO L272 TraceCheckUtils]: 8: Hoare triple {17121#true} call select_features_#t~ret51#1 := select_one(); {17121#true} is VALID [2022-02-20 18:00:55,085 INFO L290 TraceCheckUtils]: 9: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,086 INFO L290 TraceCheckUtils]: 10: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,086 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {17121#true} {17121#true} #1733#return; {17121#true} is VALID [2022-02-20 18:00:55,086 INFO L290 TraceCheckUtils]: 12: Hoare triple {17121#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {17121#true} is VALID [2022-02-20 18:00:55,086 INFO L272 TraceCheckUtils]: 13: Hoare triple {17121#true} call select_features_#t~ret52#1 := select_one(); {17121#true} is VALID [2022-02-20 18:00:55,086 INFO L290 TraceCheckUtils]: 14: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,086 INFO L290 TraceCheckUtils]: 15: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,086 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17121#true} {17121#true} #1735#return; {17121#true} is VALID [2022-02-20 18:00:55,086 INFO L290 TraceCheckUtils]: 17: Hoare triple {17121#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {17121#true} is VALID [2022-02-20 18:00:55,087 INFO L272 TraceCheckUtils]: 18: Hoare triple {17121#true} call select_features_#t~ret53#1 := select_one(); {17121#true} is VALID [2022-02-20 18:00:55,087 INFO L290 TraceCheckUtils]: 19: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,087 INFO L290 TraceCheckUtils]: 20: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,087 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {17121#true} {17121#true} #1737#return; {17121#true} is VALID [2022-02-20 18:00:55,087 INFO L290 TraceCheckUtils]: 22: Hoare triple {17121#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {17121#true} is VALID [2022-02-20 18:00:55,087 INFO L272 TraceCheckUtils]: 23: Hoare triple {17121#true} call select_features_#t~ret54#1 := select_one(); {17121#true} is VALID [2022-02-20 18:00:55,087 INFO L290 TraceCheckUtils]: 24: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,087 INFO L290 TraceCheckUtils]: 25: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {17121#true} {17121#true} #1739#return; {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L290 TraceCheckUtils]: 27: Hoare triple {17121#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L272 TraceCheckUtils]: 28: Hoare triple {17121#true} call select_features_#t~ret55#1 := select_one(); {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L290 TraceCheckUtils]: 29: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L290 TraceCheckUtils]: 30: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {17121#true} {17121#true} #1741#return; {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L290 TraceCheckUtils]: 32: Hoare triple {17121#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L272 TraceCheckUtils]: 33: Hoare triple {17121#true} call select_features_#t~ret56#1 := select_one(); {17121#true} is VALID [2022-02-20 18:00:55,088 INFO L290 TraceCheckUtils]: 34: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,089 INFO L290 TraceCheckUtils]: 35: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,089 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17121#true} {17121#true} #1743#return; {17121#true} is VALID [2022-02-20 18:00:55,089 INFO L290 TraceCheckUtils]: 37: Hoare triple {17121#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {17121#true} is VALID [2022-02-20 18:00:55,089 INFO L272 TraceCheckUtils]: 38: Hoare triple {17121#true} call select_features_#t~ret57#1 := select_one(); {17121#true} is VALID [2022-02-20 18:00:55,089 INFO L290 TraceCheckUtils]: 39: Hoare triple {17121#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {17121#true} is VALID [2022-02-20 18:00:55,089 INFO L290 TraceCheckUtils]: 40: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,089 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {17121#true} {17121#true} #1745#return; {17121#true} is VALID [2022-02-20 18:00:55,089 INFO L290 TraceCheckUtils]: 42: Hoare triple {17121#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {17121#true} is VALID [2022-02-20 18:00:55,090 INFO L290 TraceCheckUtils]: 43: Hoare triple {17121#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {17121#true} is VALID [2022-02-20 18:00:55,090 INFO L290 TraceCheckUtils]: 44: Hoare triple {17121#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {17121#true} is VALID [2022-02-20 18:00:55,090 INFO L290 TraceCheckUtils]: 45: Hoare triple {17121#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {17121#true} is VALID [2022-02-20 18:00:55,090 INFO L290 TraceCheckUtils]: 46: Hoare triple {17121#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {17121#true} is VALID [2022-02-20 18:00:55,090 INFO L290 TraceCheckUtils]: 47: Hoare triple {17121#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {17121#true} is VALID [2022-02-20 18:00:55,090 INFO L290 TraceCheckUtils]: 48: Hoare triple {17121#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {17121#true} is VALID [2022-02-20 18:00:55,090 INFO L290 TraceCheckUtils]: 49: Hoare triple {17121#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {17121#true} is VALID [2022-02-20 18:00:55,091 INFO L290 TraceCheckUtils]: 50: Hoare triple {17121#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {17121#true} is VALID [2022-02-20 18:00:55,091 INFO L290 TraceCheckUtils]: 51: Hoare triple {17121#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {17121#true} is VALID [2022-02-20 18:00:55,091 INFO L290 TraceCheckUtils]: 52: Hoare triple {17121#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:00:55,091 INFO L290 TraceCheckUtils]: 53: Hoare triple {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:00:55,092 INFO L290 TraceCheckUtils]: 54: Hoare triple {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:00:55,092 INFO L290 TraceCheckUtils]: 55: Hoare triple {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:00:55,092 INFO L290 TraceCheckUtils]: 56: Hoare triple {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:00:55,092 INFO L290 TraceCheckUtils]: 57: Hoare triple {17147#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17122#false} is VALID [2022-02-20 18:00:55,093 INFO L272 TraceCheckUtils]: 58: Hoare triple {17122#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,093 INFO L290 TraceCheckUtils]: 59: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17121#true} is VALID [2022-02-20 18:00:55,093 INFO L272 TraceCheckUtils]: 60: Hoare triple {17121#true} call setClientId(~bob___0, ~bob___0); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,093 INFO L290 TraceCheckUtils]: 61: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,094 INFO L290 TraceCheckUtils]: 62: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,094 INFO L290 TraceCheckUtils]: 63: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,094 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {17121#true} {17121#true} #1729#return; {17121#true} is VALID [2022-02-20 18:00:55,094 INFO L290 TraceCheckUtils]: 65: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,094 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {17121#true} {17122#false} #1751#return; {17122#false} is VALID [2022-02-20 18:00:55,094 INFO L290 TraceCheckUtils]: 67: Hoare triple {17122#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {17122#false} is VALID [2022-02-20 18:00:55,094 INFO L290 TraceCheckUtils]: 68: Hoare triple {17122#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17122#false} is VALID [2022-02-20 18:00:55,094 INFO L272 TraceCheckUtils]: 69: Hoare triple {17122#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,095 INFO L290 TraceCheckUtils]: 70: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17121#true} is VALID [2022-02-20 18:00:55,095 INFO L272 TraceCheckUtils]: 71: Hoare triple {17121#true} call setClientId(~rjh___0, ~rjh___0); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,095 INFO L290 TraceCheckUtils]: 72: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,095 INFO L290 TraceCheckUtils]: 73: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,096 INFO L290 TraceCheckUtils]: 74: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,096 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {17121#true} {17121#true} #1681#return; {17121#true} is VALID [2022-02-20 18:00:55,096 INFO L290 TraceCheckUtils]: 76: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,096 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {17121#true} {17122#false} #1757#return; {17122#false} is VALID [2022-02-20 18:00:55,096 INFO L290 TraceCheckUtils]: 78: Hoare triple {17122#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {17122#false} is VALID [2022-02-20 18:00:55,096 INFO L290 TraceCheckUtils]: 79: Hoare triple {17122#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17122#false} is VALID [2022-02-20 18:00:55,096 INFO L272 TraceCheckUtils]: 80: Hoare triple {17122#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,096 INFO L290 TraceCheckUtils]: 81: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17121#true} is VALID [2022-02-20 18:00:55,097 INFO L272 TraceCheckUtils]: 82: Hoare triple {17121#true} call setClientId(~chuck___0, ~chuck___0); {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:55,097 INFO L290 TraceCheckUtils]: 83: Hoare triple {17196#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,097 INFO L290 TraceCheckUtils]: 84: Hoare triple {17121#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,097 INFO L290 TraceCheckUtils]: 85: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,098 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {17121#true} {17121#true} #1623#return; {17121#true} is VALID [2022-02-20 18:00:55,098 INFO L290 TraceCheckUtils]: 87: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,098 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {17121#true} {17122#false} #1763#return; {17122#false} is VALID [2022-02-20 18:00:55,098 INFO L290 TraceCheckUtils]: 89: Hoare triple {17122#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {17122#false} is VALID [2022-02-20 18:00:55,098 INFO L290 TraceCheckUtils]: 90: Hoare triple {17122#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17122#false} is VALID [2022-02-20 18:00:55,098 INFO L290 TraceCheckUtils]: 91: Hoare triple {17122#false} assume !false; {17122#false} is VALID [2022-02-20 18:00:55,098 INFO L290 TraceCheckUtils]: 92: Hoare triple {17122#false} assume !(test_~splverifierCounter~0#1 < 4); {17122#false} is VALID [2022-02-20 18:00:55,099 INFO L290 TraceCheckUtils]: 93: Hoare triple {17122#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {17122#false} is VALID [2022-02-20 18:00:55,099 INFO L272 TraceCheckUtils]: 94: Hoare triple {17122#false} call sendEmail(~bob~0, ~rjh~0); {17122#false} is VALID [2022-02-20 18:00:55,099 INFO L290 TraceCheckUtils]: 95: Hoare triple {17122#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17122#false} is VALID [2022-02-20 18:00:55,099 INFO L272 TraceCheckUtils]: 96: Hoare triple {17122#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17209#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:55,099 INFO L290 TraceCheckUtils]: 97: Hoare triple {17209#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,099 INFO L290 TraceCheckUtils]: 98: Hoare triple {17121#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,099 INFO L290 TraceCheckUtils]: 99: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,100 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {17121#true} {17122#false} #1645#return; {17122#false} is VALID [2022-02-20 18:00:55,100 INFO L272 TraceCheckUtils]: 101: Hoare triple {17122#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17210#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:55,100 INFO L290 TraceCheckUtils]: 102: Hoare triple {17210#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,100 INFO L290 TraceCheckUtils]: 103: Hoare triple {17121#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,100 INFO L290 TraceCheckUtils]: 104: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,100 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {17121#true} {17122#false} #1647#return; {17122#false} is VALID [2022-02-20 18:00:55,100 INFO L290 TraceCheckUtils]: 106: Hoare triple {17122#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {17122#false} is VALID [2022-02-20 18:00:55,100 INFO L290 TraceCheckUtils]: 107: Hoare triple {17122#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {17122#false} is VALID [2022-02-20 18:00:55,101 INFO L272 TraceCheckUtils]: 108: Hoare triple {17122#false} call outgoing(~sender#1, ~email~0#1); {17122#false} is VALID [2022-02-20 18:00:55,101 INFO L290 TraceCheckUtils]: 109: Hoare triple {17122#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17122#false} is VALID [2022-02-20 18:00:55,101 INFO L290 TraceCheckUtils]: 110: Hoare triple {17122#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {17122#false} is VALID [2022-02-20 18:00:55,101 INFO L272 TraceCheckUtils]: 111: Hoare triple {17122#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {17121#true} is VALID [2022-02-20 18:00:55,101 INFO L290 TraceCheckUtils]: 112: Hoare triple {17121#true} ~handle := #in~handle;havoc ~retValue_acc~15; {17121#true} is VALID [2022-02-20 18:00:55,101 INFO L290 TraceCheckUtils]: 113: Hoare triple {17121#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {17121#true} is VALID [2022-02-20 18:00:55,101 INFO L290 TraceCheckUtils]: 114: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,102 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {17121#true} {17122#false} #1589#return; {17122#false} is VALID [2022-02-20 18:00:55,102 INFO L290 TraceCheckUtils]: 116: Hoare triple {17122#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {17122#false} is VALID [2022-02-20 18:00:55,102 INFO L290 TraceCheckUtils]: 117: Hoare triple {17122#false} assume 0 == sign_~privkey~1#1; {17122#false} is VALID [2022-02-20 18:00:55,102 INFO L290 TraceCheckUtils]: 118: Hoare triple {17122#false} assume { :end_inline_sign } true; {17122#false} is VALID [2022-02-20 18:00:55,102 INFO L272 TraceCheckUtils]: 119: Hoare triple {17122#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {17122#false} is VALID [2022-02-20 18:00:55,102 INFO L290 TraceCheckUtils]: 120: Hoare triple {17122#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17122#false} is VALID [2022-02-20 18:00:55,102 INFO L290 TraceCheckUtils]: 121: Hoare triple {17122#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {17122#false} is VALID [2022-02-20 18:00:55,102 INFO L272 TraceCheckUtils]: 122: Hoare triple {17122#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {17122#false} is VALID [2022-02-20 18:00:55,103 INFO L290 TraceCheckUtils]: 123: Hoare triple {17122#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17122#false} is VALID [2022-02-20 18:00:55,103 INFO L290 TraceCheckUtils]: 124: Hoare triple {17122#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {17122#false} is VALID [2022-02-20 18:00:55,103 INFO L272 TraceCheckUtils]: 125: Hoare triple {17122#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {17122#false} is VALID [2022-02-20 18:00:55,103 INFO L290 TraceCheckUtils]: 126: Hoare triple {17122#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {17122#false} is VALID [2022-02-20 18:00:55,103 INFO L290 TraceCheckUtils]: 127: Hoare triple {17122#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {17122#false} is VALID [2022-02-20 18:00:55,103 INFO L290 TraceCheckUtils]: 128: Hoare triple {17122#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {17122#false} is VALID [2022-02-20 18:00:55,103 INFO L272 TraceCheckUtils]: 129: Hoare triple {17122#false} call setEmailFrom(~msg#1, ~tmp~2#1); {17209#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:55,104 INFO L290 TraceCheckUtils]: 130: Hoare triple {17209#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17121#true} is VALID [2022-02-20 18:00:55,104 INFO L290 TraceCheckUtils]: 131: Hoare triple {17121#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17121#true} is VALID [2022-02-20 18:00:55,104 INFO L290 TraceCheckUtils]: 132: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,104 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {17121#true} {17122#false} #1657#return; {17122#false} is VALID [2022-02-20 18:00:55,104 INFO L290 TraceCheckUtils]: 134: Hoare triple {17122#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {17122#false} is VALID [2022-02-20 18:00:55,104 INFO L272 TraceCheckUtils]: 135: Hoare triple {17122#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {17121#true} is VALID [2022-02-20 18:00:55,104 INFO L290 TraceCheckUtils]: 136: Hoare triple {17121#true} ~handle := #in~handle;havoc ~retValue_acc~33; {17121#true} is VALID [2022-02-20 18:00:55,104 INFO L290 TraceCheckUtils]: 137: Hoare triple {17121#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {17121#true} is VALID [2022-02-20 18:00:55,105 INFO L290 TraceCheckUtils]: 138: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,105 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {17121#true} {17122#false} #1659#return; {17122#false} is VALID [2022-02-20 18:00:55,105 INFO L290 TraceCheckUtils]: 140: Hoare triple {17122#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {17122#false} is VALID [2022-02-20 18:00:55,105 INFO L290 TraceCheckUtils]: 141: Hoare triple {17122#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {17122#false} is VALID [2022-02-20 18:00:55,105 INFO L272 TraceCheckUtils]: 142: Hoare triple {17122#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {17121#true} is VALID [2022-02-20 18:00:55,105 INFO L290 TraceCheckUtils]: 143: Hoare triple {17121#true} ~handle := #in~handle;havoc ~retValue_acc~15; {17121#true} is VALID [2022-02-20 18:00:55,105 INFO L290 TraceCheckUtils]: 144: Hoare triple {17121#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {17121#true} is VALID [2022-02-20 18:00:55,106 INFO L290 TraceCheckUtils]: 145: Hoare triple {17121#true} assume true; {17121#true} is VALID [2022-02-20 18:00:55,106 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {17121#true} {17122#false} #1661#return; {17122#false} is VALID [2022-02-20 18:00:55,106 INFO L290 TraceCheckUtils]: 147: Hoare triple {17122#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {17122#false} is VALID [2022-02-20 18:00:55,106 INFO L290 TraceCheckUtils]: 148: Hoare triple {17122#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {17122#false} is VALID [2022-02-20 18:00:55,106 INFO L290 TraceCheckUtils]: 149: Hoare triple {17122#false} assume !false; {17122#false} is VALID [2022-02-20 18:00:55,107 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 18:00:55,107 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:55,107 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [235703619] [2022-02-20 18:00:55,107 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [235703619] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:55,107 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:00:55,107 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:00:55,107 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [473270334] [2022-02-20 18:00:55,108 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:55,108 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 150 [2022-02-20 18:00:55,108 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:55,109 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:55,178 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:55,179 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:00:55,179 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:55,179 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:00:55,179 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:00:55,180 INFO L87 Difference]: Start difference. First operand 595 states and 867 transitions. Second operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:59,476 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:59,477 INFO L93 Difference]: Finished difference Result 1287 states and 1905 transitions. [2022-02-20 18:00:59,477 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:00:59,477 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 150 [2022-02-20 18:00:59,477 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:59,477 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:59,494 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1903 transitions. [2022-02-20 18:00:59,494 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:00:59,511 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1903 transitions. [2022-02-20 18:00:59,511 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1903 transitions. [2022-02-20 18:01:00,683 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1903 edges. 1903 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:00,708 INFO L225 Difference]: With dead ends: 1287 [2022-02-20 18:01:00,708 INFO L226 Difference]: Without dead ends: 738 [2022-02-20 18:01:00,709 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:01:00,710 INFO L933 BasicCegarLoop]: 871 mSDtfsCounter, 1996 mSDsluCounter, 643 mSDsCounter, 0 mSdLazyCounter, 556 mSolverCounterSat, 789 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2020 SdHoareTripleChecker+Valid, 1514 SdHoareTripleChecker+Invalid, 1345 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 789 IncrementalHoareTripleChecker+Valid, 556 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:00,711 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2020 Valid, 1514 Invalid, 1345 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [789 Valid, 556 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-02-20 18:01:00,712 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 738 states. [2022-02-20 18:01:00,730 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 738 to 592. [2022-02-20 18:01:00,730 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:00,732 INFO L82 GeneralOperation]: Start isEquivalent. First operand 738 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 454 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:01:00,733 INFO L74 IsIncluded]: Start isIncluded. First operand 738 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 454 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:01:00,734 INFO L87 Difference]: Start difference. First operand 738 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 454 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:01:00,756 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:00,756 INFO L93 Difference]: Finished difference Result 738 states and 1085 transitions. [2022-02-20 18:01:00,757 INFO L276 IsEmpty]: Start isEmpty. Operand 738 states and 1085 transitions. [2022-02-20 18:01:00,759 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:00,759 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:00,766 INFO L74 IsIncluded]: Start isIncluded. First operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 454 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 738 states. [2022-02-20 18:01:00,769 INFO L87 Difference]: Start difference. First operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 454 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 738 states. [2022-02-20 18:01:00,793 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:00,793 INFO L93 Difference]: Finished difference Result 738 states and 1085 transitions. [2022-02-20 18:01:00,793 INFO L276 IsEmpty]: Start isEmpty. Operand 738 states and 1085 transitions. [2022-02-20 18:01:00,796 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:00,796 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:00,796 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:00,796 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:00,799 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 454 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:01:00,846 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 592 states to 592 states and 850 transitions. [2022-02-20 18:01:00,847 INFO L78 Accepts]: Start accepts. Automaton has 592 states and 850 transitions. Word has length 150 [2022-02-20 18:01:00,847 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:00,847 INFO L470 AbstractCegarLoop]: Abstraction has 592 states and 850 transitions. [2022-02-20 18:01:00,848 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:01:00,848 INFO L276 IsEmpty]: Start isEmpty. Operand 592 states and 850 transitions. [2022-02-20 18:01:00,851 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 169 [2022-02-20 18:01:00,851 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:00,851 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:00,851 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:01:00,851 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:00,852 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:00,852 INFO L85 PathProgramCache]: Analyzing trace with hash 45386734, now seen corresponding path program 1 times [2022-02-20 18:01:00,852 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:00,852 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [115560868] [2022-02-20 18:01:00,853 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:00,853 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:00,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,929 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:01:00,932 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:00,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,935 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21297#true} {21297#true} #1731#return; {21297#true} is VALID [2022-02-20 18:01:00,936 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:01:00,938 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,940 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:00,941 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,941 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21297#true} {21297#true} #1733#return; {21297#true} is VALID [2022-02-20 18:01:00,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:01:00,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,944 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:00,944 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,944 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21297#true} {21297#true} #1735#return; {21297#true} is VALID [2022-02-20 18:01:00,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:00,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:00,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,948 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21297#true} {21297#true} #1737#return; {21297#true} is VALID [2022-02-20 18:01:00,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:01:00,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,951 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:00,951 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,951 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21297#true} {21297#true} #1739#return; {21297#true} is VALID [2022-02-20 18:01:00,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:01:00,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,955 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:00,955 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,955 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21297#true} {21297#true} #1741#return; {21297#true} is VALID [2022-02-20 18:01:00,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:01:00,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,958 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:00,959 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,959 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21297#true} {21297#true} #1743#return; {21297#true} is VALID [2022-02-20 18:01:00,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:00,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,963 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:00,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,963 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21297#true} {21297#true} #1745#return; {21297#true} is VALID [2022-02-20 18:01:00,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:01:00,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,975 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:00,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,977 INFO L290 TraceCheckUtils]: 0: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:00,978 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:00,978 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,978 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21297#true} #1729#return; {21297#true} is VALID [2022-02-20 18:01:00,978 INFO L290 TraceCheckUtils]: 0: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21297#true} is VALID [2022-02-20 18:01:00,979 INFO L272 TraceCheckUtils]: 1: Hoare triple {21297#true} call setClientId(~bob___0, ~bob___0); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:00,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:00,979 INFO L290 TraceCheckUtils]: 3: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:00,979 INFO L290 TraceCheckUtils]: 4: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,979 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21297#true} {21297#true} #1729#return; {21297#true} is VALID [2022-02-20 18:01:00,979 INFO L290 TraceCheckUtils]: 6: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,979 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21297#true} {21297#true} #1747#return; {21297#true} is VALID [2022-02-20 18:01:00,985 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:01:00,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:00,990 INFO L290 TraceCheckUtils]: 0: Hoare triple {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:00,990 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:00,990 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:00,990 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21297#true} #1749#return; {21297#true} is VALID [2022-02-20 18:01:00,990 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:00,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:01,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21397#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:01,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {21397#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21398#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:01,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {21398#(= |setClientId_#in~handle| 1)} assume true; {21398#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:01,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21398#(= |setClientId_#in~handle| 1)} {21391#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:01,028 INFO L290 TraceCheckUtils]: 0: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21391#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:01,028 INFO L272 TraceCheckUtils]: 1: Hoare triple {21391#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:01,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21397#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:01,029 INFO L290 TraceCheckUtils]: 3: Hoare triple {21397#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21398#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:01,029 INFO L290 TraceCheckUtils]: 4: Hoare triple {21398#(= |setClientId_#in~handle| 1)} assume true; {21398#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:01,030 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21398#(= |setClientId_#in~handle| 1)} {21391#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:01,030 INFO L290 TraceCheckUtils]: 6: Hoare triple {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:01,031 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21336#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1753#return; {21298#false} is VALID [2022-02-20 18:01:01,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:01:01,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,038 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21298#false} #1755#return; {21298#false} is VALID [2022-02-20 18:01:01,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:01:01,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:01,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,048 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21297#true} #1623#return; {21297#true} is VALID [2022-02-20 18:01:01,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21297#true} is VALID [2022-02-20 18:01:01,049 INFO L272 TraceCheckUtils]: 1: Hoare triple {21297#true} call setClientId(~chuck___0, ~chuck___0); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:01,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,049 INFO L290 TraceCheckUtils]: 3: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,049 INFO L290 TraceCheckUtils]: 4: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,049 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21297#true} {21297#true} #1623#return; {21297#true} is VALID [2022-02-20 18:01:01,049 INFO L290 TraceCheckUtils]: 6: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,050 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21297#true} {21298#false} #1759#return; {21298#false} is VALID [2022-02-20 18:01:01,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:01:01,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,054 INFO L290 TraceCheckUtils]: 0: Hoare triple {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,055 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,055 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,055 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21298#false} #1761#return; {21298#false} is VALID [2022-02-20 18:01:01,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:01:01,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,069 INFO L290 TraceCheckUtils]: 0: Hoare triple {21403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,070 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21298#false} #1645#return; {21298#false} is VALID [2022-02-20 18:01:01,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:01:01,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,082 INFO L290 TraceCheckUtils]: 0: Hoare triple {21404#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,082 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,082 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,082 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21298#false} #1647#return; {21298#false} is VALID [2022-02-20 18:01:01,083 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:01:01,083 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} ~handle := #in~handle;havoc ~retValue_acc~15; {21297#true} is VALID [2022-02-20 18:01:01,088 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {21297#true} is VALID [2022-02-20 18:01:01,088 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,088 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21298#false} #1589#return; {21298#false} is VALID [2022-02-20 18:01:01,088 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-02-20 18:01:01,089 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,092 INFO L290 TraceCheckUtils]: 0: Hoare triple {21403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,092 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,092 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,092 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21298#false} #1657#return; {21298#false} is VALID [2022-02-20 18:01:01,092 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 18:01:01,096 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,098 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} ~handle := #in~handle;havoc ~retValue_acc~33; {21297#true} is VALID [2022-02-20 18:01:01,099 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {21297#true} is VALID [2022-02-20 18:01:01,099 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,099 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21298#false} #1659#return; {21298#false} is VALID [2022-02-20 18:01:01,099 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-02-20 18:01:01,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} ~handle := #in~handle;havoc ~retValue_acc~15; {21297#true} is VALID [2022-02-20 18:01:01,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {21297#true} is VALID [2022-02-20 18:01:01,101 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,101 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21297#true} {21298#false} #1661#return; {21298#false} is VALID [2022-02-20 18:01:01,102 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {21297#true} is VALID [2022-02-20 18:01:01,102 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21297#true} is VALID [2022-02-20 18:01:01,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {21297#true} is VALID [2022-02-20 18:01:01,102 INFO L272 TraceCheckUtils]: 3: Hoare triple {21297#true} call select_features_#t~ret50#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,102 INFO L290 TraceCheckUtils]: 4: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,102 INFO L290 TraceCheckUtils]: 5: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,102 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21297#true} {21297#true} #1731#return; {21297#true} is VALID [2022-02-20 18:01:01,103 INFO L290 TraceCheckUtils]: 7: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {21297#true} is VALID [2022-02-20 18:01:01,103 INFO L272 TraceCheckUtils]: 8: Hoare triple {21297#true} call select_features_#t~ret51#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,103 INFO L290 TraceCheckUtils]: 9: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,103 INFO L290 TraceCheckUtils]: 10: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,103 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21297#true} {21297#true} #1733#return; {21297#true} is VALID [2022-02-20 18:01:01,103 INFO L290 TraceCheckUtils]: 12: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {21297#true} is VALID [2022-02-20 18:01:01,103 INFO L272 TraceCheckUtils]: 13: Hoare triple {21297#true} call select_features_#t~ret52#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,103 INFO L290 TraceCheckUtils]: 14: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,104 INFO L290 TraceCheckUtils]: 15: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,104 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21297#true} {21297#true} #1735#return; {21297#true} is VALID [2022-02-20 18:01:01,104 INFO L290 TraceCheckUtils]: 17: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {21297#true} is VALID [2022-02-20 18:01:01,104 INFO L272 TraceCheckUtils]: 18: Hoare triple {21297#true} call select_features_#t~ret53#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,104 INFO L290 TraceCheckUtils]: 19: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,104 INFO L290 TraceCheckUtils]: 20: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,104 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21297#true} {21297#true} #1737#return; {21297#true} is VALID [2022-02-20 18:01:01,104 INFO L290 TraceCheckUtils]: 22: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {21297#true} is VALID [2022-02-20 18:01:01,105 INFO L272 TraceCheckUtils]: 23: Hoare triple {21297#true} call select_features_#t~ret54#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,105 INFO L290 TraceCheckUtils]: 24: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,105 INFO L290 TraceCheckUtils]: 25: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,105 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21297#true} {21297#true} #1739#return; {21297#true} is VALID [2022-02-20 18:01:01,105 INFO L290 TraceCheckUtils]: 27: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {21297#true} is VALID [2022-02-20 18:01:01,105 INFO L272 TraceCheckUtils]: 28: Hoare triple {21297#true} call select_features_#t~ret55#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,105 INFO L290 TraceCheckUtils]: 29: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,105 INFO L290 TraceCheckUtils]: 30: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,106 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21297#true} {21297#true} #1741#return; {21297#true} is VALID [2022-02-20 18:01:01,106 INFO L290 TraceCheckUtils]: 32: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {21297#true} is VALID [2022-02-20 18:01:01,106 INFO L272 TraceCheckUtils]: 33: Hoare triple {21297#true} call select_features_#t~ret56#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,106 INFO L290 TraceCheckUtils]: 34: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,106 INFO L290 TraceCheckUtils]: 35: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,106 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21297#true} {21297#true} #1743#return; {21297#true} is VALID [2022-02-20 18:01:01,106 INFO L290 TraceCheckUtils]: 37: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {21297#true} is VALID [2022-02-20 18:01:01,106 INFO L272 TraceCheckUtils]: 38: Hoare triple {21297#true} call select_features_#t~ret57#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,107 INFO L290 TraceCheckUtils]: 39: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,107 INFO L290 TraceCheckUtils]: 40: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,107 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21297#true} {21297#true} #1745#return; {21297#true} is VALID [2022-02-20 18:01:01,107 INFO L290 TraceCheckUtils]: 42: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {21297#true} is VALID [2022-02-20 18:01:01,107 INFO L290 TraceCheckUtils]: 43: Hoare triple {21297#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {21297#true} is VALID [2022-02-20 18:01:01,107 INFO L290 TraceCheckUtils]: 44: Hoare triple {21297#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {21297#true} is VALID [2022-02-20 18:01:01,107 INFO L290 TraceCheckUtils]: 45: Hoare triple {21297#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {21297#true} is VALID [2022-02-20 18:01:01,107 INFO L290 TraceCheckUtils]: 46: Hoare triple {21297#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {21297#true} is VALID [2022-02-20 18:01:01,108 INFO L290 TraceCheckUtils]: 47: Hoare triple {21297#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {21297#true} is VALID [2022-02-20 18:01:01,108 INFO L290 TraceCheckUtils]: 48: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {21297#true} is VALID [2022-02-20 18:01:01,108 INFO L290 TraceCheckUtils]: 49: Hoare triple {21297#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {21297#true} is VALID [2022-02-20 18:01:01,108 INFO L290 TraceCheckUtils]: 50: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {21297#true} is VALID [2022-02-20 18:01:01,108 INFO L290 TraceCheckUtils]: 51: Hoare triple {21297#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {21297#true} is VALID [2022-02-20 18:01:01,108 INFO L290 TraceCheckUtils]: 52: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21297#true} is VALID [2022-02-20 18:01:01,108 INFO L290 TraceCheckUtils]: 53: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {21297#true} is VALID [2022-02-20 18:01:01,108 INFO L290 TraceCheckUtils]: 54: Hoare triple {21297#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {21297#true} is VALID [2022-02-20 18:01:01,109 INFO L290 TraceCheckUtils]: 55: Hoare triple {21297#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {21297#true} is VALID [2022-02-20 18:01:01,109 INFO L290 TraceCheckUtils]: 56: Hoare triple {21297#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21297#true} is VALID [2022-02-20 18:01:01,109 INFO L290 TraceCheckUtils]: 57: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21297#true} is VALID [2022-02-20 18:01:01,109 INFO L272 TraceCheckUtils]: 58: Hoare triple {21297#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:01,110 INFO L290 TraceCheckUtils]: 59: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21297#true} is VALID [2022-02-20 18:01:01,110 INFO L272 TraceCheckUtils]: 60: Hoare triple {21297#true} call setClientId(~bob___0, ~bob___0); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:01,110 INFO L290 TraceCheckUtils]: 61: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,110 INFO L290 TraceCheckUtils]: 62: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,110 INFO L290 TraceCheckUtils]: 63: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,111 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21297#true} {21297#true} #1729#return; {21297#true} is VALID [2022-02-20 18:01:01,111 INFO L290 TraceCheckUtils]: 65: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,111 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21297#true} {21297#true} #1747#return; {21297#true} is VALID [2022-02-20 18:01:01,111 INFO L272 TraceCheckUtils]: 67: Hoare triple {21297#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:01,112 INFO L290 TraceCheckUtils]: 68: Hoare triple {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,112 INFO L290 TraceCheckUtils]: 69: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,112 INFO L290 TraceCheckUtils]: 70: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,112 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21297#true} {21297#true} #1749#return; {21297#true} is VALID [2022-02-20 18:01:01,112 INFO L290 TraceCheckUtils]: 72: Hoare triple {21297#true} assume { :end_inline_setup_bob__role__Keys } true; {21297#true} is VALID [2022-02-20 18:01:01,112 INFO L290 TraceCheckUtils]: 73: Hoare triple {21297#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21335#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:01,113 INFO L290 TraceCheckUtils]: 74: Hoare triple {21335#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21336#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:01,113 INFO L272 TraceCheckUtils]: 75: Hoare triple {21336#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:01,114 INFO L290 TraceCheckUtils]: 76: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21391#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:01,114 INFO L272 TraceCheckUtils]: 77: Hoare triple {21391#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:01,115 INFO L290 TraceCheckUtils]: 78: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21397#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:01,115 INFO L290 TraceCheckUtils]: 79: Hoare triple {21397#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21398#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:01,115 INFO L290 TraceCheckUtils]: 80: Hoare triple {21398#(= |setClientId_#in~handle| 1)} assume true; {21398#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:01,116 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21398#(= |setClientId_#in~handle| 1)} {21391#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:01,116 INFO L290 TraceCheckUtils]: 82: Hoare triple {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:01,116 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21396#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21336#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1753#return; {21298#false} is VALID [2022-02-20 18:01:01,117 INFO L272 TraceCheckUtils]: 84: Hoare triple {21298#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:01,117 INFO L290 TraceCheckUtils]: 85: Hoare triple {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,117 INFO L290 TraceCheckUtils]: 86: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,117 INFO L290 TraceCheckUtils]: 87: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,117 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21297#true} {21298#false} #1755#return; {21298#false} is VALID [2022-02-20 18:01:01,117 INFO L290 TraceCheckUtils]: 89: Hoare triple {21298#false} assume { :end_inline_setup_rjh__role__Keys } true; {21298#false} is VALID [2022-02-20 18:01:01,117 INFO L290 TraceCheckUtils]: 90: Hoare triple {21298#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21298#false} is VALID [2022-02-20 18:01:01,117 INFO L290 TraceCheckUtils]: 91: Hoare triple {21298#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21298#false} is VALID [2022-02-20 18:01:01,118 INFO L272 TraceCheckUtils]: 92: Hoare triple {21298#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:01,118 INFO L290 TraceCheckUtils]: 93: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21297#true} is VALID [2022-02-20 18:01:01,118 INFO L272 TraceCheckUtils]: 94: Hoare triple {21297#true} call setClientId(~chuck___0, ~chuck___0); {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:01,118 INFO L290 TraceCheckUtils]: 95: Hoare triple {21385#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,118 INFO L290 TraceCheckUtils]: 96: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,119 INFO L290 TraceCheckUtils]: 97: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,119 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21297#true} {21297#true} #1623#return; {21297#true} is VALID [2022-02-20 18:01:01,119 INFO L290 TraceCheckUtils]: 99: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,119 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21297#true} {21298#false} #1759#return; {21298#false} is VALID [2022-02-20 18:01:01,119 INFO L272 TraceCheckUtils]: 101: Hoare triple {21298#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:01,119 INFO L290 TraceCheckUtils]: 102: Hoare triple {21390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,119 INFO L290 TraceCheckUtils]: 103: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,119 INFO L290 TraceCheckUtils]: 104: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,120 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21297#true} {21298#false} #1761#return; {21298#false} is VALID [2022-02-20 18:01:01,120 INFO L290 TraceCheckUtils]: 106: Hoare triple {21298#false} assume { :end_inline_setup_chuck__role__Keys } true; {21298#false} is VALID [2022-02-20 18:01:01,120 INFO L290 TraceCheckUtils]: 107: Hoare triple {21298#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {21298#false} is VALID [2022-02-20 18:01:01,120 INFO L290 TraceCheckUtils]: 108: Hoare triple {21298#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21298#false} is VALID [2022-02-20 18:01:01,120 INFO L290 TraceCheckUtils]: 109: Hoare triple {21298#false} assume !false; {21298#false} is VALID [2022-02-20 18:01:01,120 INFO L290 TraceCheckUtils]: 110: Hoare triple {21298#false} assume !(test_~splverifierCounter~0#1 < 4); {21298#false} is VALID [2022-02-20 18:01:01,120 INFO L290 TraceCheckUtils]: 111: Hoare triple {21298#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {21298#false} is VALID [2022-02-20 18:01:01,121 INFO L272 TraceCheckUtils]: 112: Hoare triple {21298#false} call sendEmail(~bob~0, ~rjh~0); {21298#false} is VALID [2022-02-20 18:01:01,121 INFO L290 TraceCheckUtils]: 113: Hoare triple {21298#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21298#false} is VALID [2022-02-20 18:01:01,121 INFO L272 TraceCheckUtils]: 114: Hoare triple {21298#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:01,121 INFO L290 TraceCheckUtils]: 115: Hoare triple {21403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,121 INFO L290 TraceCheckUtils]: 116: Hoare triple {21297#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,121 INFO L290 TraceCheckUtils]: 117: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,121 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21297#true} {21298#false} #1645#return; {21298#false} is VALID [2022-02-20 18:01:01,121 INFO L272 TraceCheckUtils]: 119: Hoare triple {21298#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21404#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:01,122 INFO L290 TraceCheckUtils]: 120: Hoare triple {21404#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,122 INFO L290 TraceCheckUtils]: 121: Hoare triple {21297#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,122 INFO L290 TraceCheckUtils]: 122: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,122 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21297#true} {21298#false} #1647#return; {21298#false} is VALID [2022-02-20 18:01:01,122 INFO L290 TraceCheckUtils]: 124: Hoare triple {21298#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {21298#false} is VALID [2022-02-20 18:01:01,122 INFO L290 TraceCheckUtils]: 125: Hoare triple {21298#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {21298#false} is VALID [2022-02-20 18:01:01,122 INFO L272 TraceCheckUtils]: 126: Hoare triple {21298#false} call outgoing(~sender#1, ~email~0#1); {21298#false} is VALID [2022-02-20 18:01:01,122 INFO L290 TraceCheckUtils]: 127: Hoare triple {21298#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21298#false} is VALID [2022-02-20 18:01:01,123 INFO L290 TraceCheckUtils]: 128: Hoare triple {21298#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {21298#false} is VALID [2022-02-20 18:01:01,123 INFO L272 TraceCheckUtils]: 129: Hoare triple {21298#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {21297#true} is VALID [2022-02-20 18:01:01,123 INFO L290 TraceCheckUtils]: 130: Hoare triple {21297#true} ~handle := #in~handle;havoc ~retValue_acc~15; {21297#true} is VALID [2022-02-20 18:01:01,123 INFO L290 TraceCheckUtils]: 131: Hoare triple {21297#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {21297#true} is VALID [2022-02-20 18:01:01,123 INFO L290 TraceCheckUtils]: 132: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,123 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {21297#true} {21298#false} #1589#return; {21298#false} is VALID [2022-02-20 18:01:01,123 INFO L290 TraceCheckUtils]: 134: Hoare triple {21298#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {21298#false} is VALID [2022-02-20 18:01:01,123 INFO L290 TraceCheckUtils]: 135: Hoare triple {21298#false} assume 0 == sign_~privkey~1#1; {21298#false} is VALID [2022-02-20 18:01:01,124 INFO L290 TraceCheckUtils]: 136: Hoare triple {21298#false} assume { :end_inline_sign } true; {21298#false} is VALID [2022-02-20 18:01:01,124 INFO L272 TraceCheckUtils]: 137: Hoare triple {21298#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {21298#false} is VALID [2022-02-20 18:01:01,124 INFO L290 TraceCheckUtils]: 138: Hoare triple {21298#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21298#false} is VALID [2022-02-20 18:01:01,124 INFO L290 TraceCheckUtils]: 139: Hoare triple {21298#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21298#false} is VALID [2022-02-20 18:01:01,124 INFO L272 TraceCheckUtils]: 140: Hoare triple {21298#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21298#false} is VALID [2022-02-20 18:01:01,124 INFO L290 TraceCheckUtils]: 141: Hoare triple {21298#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21298#false} is VALID [2022-02-20 18:01:01,124 INFO L290 TraceCheckUtils]: 142: Hoare triple {21298#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {21298#false} is VALID [2022-02-20 18:01:01,124 INFO L272 TraceCheckUtils]: 143: Hoare triple {21298#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {21298#false} is VALID [2022-02-20 18:01:01,125 INFO L290 TraceCheckUtils]: 144: Hoare triple {21298#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {21298#false} is VALID [2022-02-20 18:01:01,125 INFO L290 TraceCheckUtils]: 145: Hoare triple {21298#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {21298#false} is VALID [2022-02-20 18:01:01,125 INFO L290 TraceCheckUtils]: 146: Hoare triple {21298#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {21298#false} is VALID [2022-02-20 18:01:01,125 INFO L272 TraceCheckUtils]: 147: Hoare triple {21298#false} call setEmailFrom(~msg#1, ~tmp~2#1); {21403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:01,125 INFO L290 TraceCheckUtils]: 148: Hoare triple {21403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,125 INFO L290 TraceCheckUtils]: 149: Hoare triple {21297#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,125 INFO L290 TraceCheckUtils]: 150: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,126 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {21297#true} {21298#false} #1657#return; {21298#false} is VALID [2022-02-20 18:01:01,126 INFO L290 TraceCheckUtils]: 152: Hoare triple {21298#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {21298#false} is VALID [2022-02-20 18:01:01,126 INFO L272 TraceCheckUtils]: 153: Hoare triple {21298#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {21297#true} is VALID [2022-02-20 18:01:01,126 INFO L290 TraceCheckUtils]: 154: Hoare triple {21297#true} ~handle := #in~handle;havoc ~retValue_acc~33; {21297#true} is VALID [2022-02-20 18:01:01,126 INFO L290 TraceCheckUtils]: 155: Hoare triple {21297#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {21297#true} is VALID [2022-02-20 18:01:01,127 INFO L290 TraceCheckUtils]: 156: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,127 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21297#true} {21298#false} #1659#return; {21298#false} is VALID [2022-02-20 18:01:01,127 INFO L290 TraceCheckUtils]: 158: Hoare triple {21298#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {21298#false} is VALID [2022-02-20 18:01:01,127 INFO L290 TraceCheckUtils]: 159: Hoare triple {21298#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {21298#false} is VALID [2022-02-20 18:01:01,127 INFO L272 TraceCheckUtils]: 160: Hoare triple {21298#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {21297#true} is VALID [2022-02-20 18:01:01,127 INFO L290 TraceCheckUtils]: 161: Hoare triple {21297#true} ~handle := #in~handle;havoc ~retValue_acc~15; {21297#true} is VALID [2022-02-20 18:01:01,127 INFO L290 TraceCheckUtils]: 162: Hoare triple {21297#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {21297#true} is VALID [2022-02-20 18:01:01,127 INFO L290 TraceCheckUtils]: 163: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,128 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21297#true} {21298#false} #1661#return; {21298#false} is VALID [2022-02-20 18:01:01,128 INFO L290 TraceCheckUtils]: 165: Hoare triple {21298#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {21298#false} is VALID [2022-02-20 18:01:01,128 INFO L290 TraceCheckUtils]: 166: Hoare triple {21298#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {21298#false} is VALID [2022-02-20 18:01:01,128 INFO L290 TraceCheckUtils]: 167: Hoare triple {21298#false} assume !false; {21298#false} is VALID [2022-02-20 18:01:01,129 INFO L134 CoverageAnalysis]: Checked inductivity of 116 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 110 trivial. 0 not checked. [2022-02-20 18:01:01,129 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:01,129 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [115560868] [2022-02-20 18:01:01,129 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [115560868] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:01,129 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [991499103] [2022-02-20 18:01:01,129 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:01,129 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:01,130 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:01,157 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:01,185 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:01:01,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,434 INFO L263 TraceCheckSpWp]: Trace formula consists of 1420 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:01:01,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:01,497 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:01,845 INFO L290 TraceCheckUtils]: 0: Hoare triple {21297#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {21297#true} is VALID [2022-02-20 18:01:01,845 INFO L290 TraceCheckUtils]: 1: Hoare triple {21297#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21297#true} is VALID [2022-02-20 18:01:01,846 INFO L290 TraceCheckUtils]: 2: Hoare triple {21297#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {21297#true} is VALID [2022-02-20 18:01:01,846 INFO L272 TraceCheckUtils]: 3: Hoare triple {21297#true} call select_features_#t~ret50#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,846 INFO L290 TraceCheckUtils]: 4: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,846 INFO L290 TraceCheckUtils]: 5: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,846 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21297#true} {21297#true} #1731#return; {21297#true} is VALID [2022-02-20 18:01:01,847 INFO L290 TraceCheckUtils]: 7: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {21297#true} is VALID [2022-02-20 18:01:01,847 INFO L272 TraceCheckUtils]: 8: Hoare triple {21297#true} call select_features_#t~ret51#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,847 INFO L290 TraceCheckUtils]: 9: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,847 INFO L290 TraceCheckUtils]: 10: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,847 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21297#true} {21297#true} #1733#return; {21297#true} is VALID [2022-02-20 18:01:01,847 INFO L290 TraceCheckUtils]: 12: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {21297#true} is VALID [2022-02-20 18:01:01,848 INFO L272 TraceCheckUtils]: 13: Hoare triple {21297#true} call select_features_#t~ret52#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,848 INFO L290 TraceCheckUtils]: 14: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,848 INFO L290 TraceCheckUtils]: 15: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,848 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21297#true} {21297#true} #1735#return; {21297#true} is VALID [2022-02-20 18:01:01,848 INFO L290 TraceCheckUtils]: 17: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {21297#true} is VALID [2022-02-20 18:01:01,848 INFO L272 TraceCheckUtils]: 18: Hoare triple {21297#true} call select_features_#t~ret53#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,849 INFO L290 TraceCheckUtils]: 19: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,849 INFO L290 TraceCheckUtils]: 20: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,849 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21297#true} {21297#true} #1737#return; {21297#true} is VALID [2022-02-20 18:01:01,849 INFO L290 TraceCheckUtils]: 22: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {21297#true} is VALID [2022-02-20 18:01:01,849 INFO L272 TraceCheckUtils]: 23: Hoare triple {21297#true} call select_features_#t~ret54#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,849 INFO L290 TraceCheckUtils]: 24: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,850 INFO L290 TraceCheckUtils]: 25: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,850 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21297#true} {21297#true} #1739#return; {21297#true} is VALID [2022-02-20 18:01:01,850 INFO L290 TraceCheckUtils]: 27: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {21297#true} is VALID [2022-02-20 18:01:01,850 INFO L272 TraceCheckUtils]: 28: Hoare triple {21297#true} call select_features_#t~ret55#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,850 INFO L290 TraceCheckUtils]: 29: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,850 INFO L290 TraceCheckUtils]: 30: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,851 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21297#true} {21297#true} #1741#return; {21297#true} is VALID [2022-02-20 18:01:01,851 INFO L290 TraceCheckUtils]: 32: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {21297#true} is VALID [2022-02-20 18:01:01,851 INFO L272 TraceCheckUtils]: 33: Hoare triple {21297#true} call select_features_#t~ret56#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,851 INFO L290 TraceCheckUtils]: 34: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,851 INFO L290 TraceCheckUtils]: 35: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,851 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21297#true} {21297#true} #1743#return; {21297#true} is VALID [2022-02-20 18:01:01,852 INFO L290 TraceCheckUtils]: 37: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {21297#true} is VALID [2022-02-20 18:01:01,852 INFO L272 TraceCheckUtils]: 38: Hoare triple {21297#true} call select_features_#t~ret57#1 := select_one(); {21297#true} is VALID [2022-02-20 18:01:01,852 INFO L290 TraceCheckUtils]: 39: Hoare triple {21297#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {21297#true} is VALID [2022-02-20 18:01:01,852 INFO L290 TraceCheckUtils]: 40: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,852 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21297#true} {21297#true} #1745#return; {21297#true} is VALID [2022-02-20 18:01:01,852 INFO L290 TraceCheckUtils]: 42: Hoare triple {21297#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {21297#true} is VALID [2022-02-20 18:01:01,853 INFO L290 TraceCheckUtils]: 43: Hoare triple {21297#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {21297#true} is VALID [2022-02-20 18:01:01,853 INFO L290 TraceCheckUtils]: 44: Hoare triple {21297#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {21297#true} is VALID [2022-02-20 18:01:01,853 INFO L290 TraceCheckUtils]: 45: Hoare triple {21297#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {21297#true} is VALID [2022-02-20 18:01:01,853 INFO L290 TraceCheckUtils]: 46: Hoare triple {21297#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {21297#true} is VALID [2022-02-20 18:01:01,853 INFO L290 TraceCheckUtils]: 47: Hoare triple {21297#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {21297#true} is VALID [2022-02-20 18:01:01,853 INFO L290 TraceCheckUtils]: 48: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {21297#true} is VALID [2022-02-20 18:01:01,854 INFO L290 TraceCheckUtils]: 49: Hoare triple {21297#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {21297#true} is VALID [2022-02-20 18:01:01,854 INFO L290 TraceCheckUtils]: 50: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {21297#true} is VALID [2022-02-20 18:01:01,854 INFO L290 TraceCheckUtils]: 51: Hoare triple {21297#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {21297#true} is VALID [2022-02-20 18:01:01,854 INFO L290 TraceCheckUtils]: 52: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21297#true} is VALID [2022-02-20 18:01:01,854 INFO L290 TraceCheckUtils]: 53: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {21297#true} is VALID [2022-02-20 18:01:01,854 INFO L290 TraceCheckUtils]: 54: Hoare triple {21297#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {21297#true} is VALID [2022-02-20 18:01:01,855 INFO L290 TraceCheckUtils]: 55: Hoare triple {21297#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {21297#true} is VALID [2022-02-20 18:01:01,855 INFO L290 TraceCheckUtils]: 56: Hoare triple {21297#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21297#true} is VALID [2022-02-20 18:01:01,855 INFO L290 TraceCheckUtils]: 57: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21297#true} is VALID [2022-02-20 18:01:01,855 INFO L272 TraceCheckUtils]: 58: Hoare triple {21297#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21297#true} is VALID [2022-02-20 18:01:01,855 INFO L290 TraceCheckUtils]: 59: Hoare triple {21297#true} ~bob___0 := #in~bob___0; {21297#true} is VALID [2022-02-20 18:01:01,855 INFO L272 TraceCheckUtils]: 60: Hoare triple {21297#true} call setClientId(~bob___0, ~bob___0); {21297#true} is VALID [2022-02-20 18:01:01,856 INFO L290 TraceCheckUtils]: 61: Hoare triple {21297#true} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,856 INFO L290 TraceCheckUtils]: 62: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,856 INFO L290 TraceCheckUtils]: 63: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,856 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21297#true} {21297#true} #1729#return; {21297#true} is VALID [2022-02-20 18:01:01,856 INFO L290 TraceCheckUtils]: 65: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,856 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21297#true} {21297#true} #1747#return; {21297#true} is VALID [2022-02-20 18:01:01,856 INFO L272 TraceCheckUtils]: 67: Hoare triple {21297#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21297#true} is VALID [2022-02-20 18:01:01,857 INFO L290 TraceCheckUtils]: 68: Hoare triple {21297#true} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,857 INFO L290 TraceCheckUtils]: 69: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,857 INFO L290 TraceCheckUtils]: 70: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,857 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21297#true} {21297#true} #1749#return; {21297#true} is VALID [2022-02-20 18:01:01,857 INFO L290 TraceCheckUtils]: 72: Hoare triple {21297#true} assume { :end_inline_setup_bob__role__Keys } true; {21297#true} is VALID [2022-02-20 18:01:01,857 INFO L290 TraceCheckUtils]: 73: Hoare triple {21297#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21297#true} is VALID [2022-02-20 18:01:01,857 INFO L290 TraceCheckUtils]: 74: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21297#true} is VALID [2022-02-20 18:01:01,858 INFO L272 TraceCheckUtils]: 75: Hoare triple {21297#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21297#true} is VALID [2022-02-20 18:01:01,858 INFO L290 TraceCheckUtils]: 76: Hoare triple {21297#true} ~rjh___0 := #in~rjh___0; {21297#true} is VALID [2022-02-20 18:01:01,858 INFO L272 TraceCheckUtils]: 77: Hoare triple {21297#true} call setClientId(~rjh___0, ~rjh___0); {21297#true} is VALID [2022-02-20 18:01:01,858 INFO L290 TraceCheckUtils]: 78: Hoare triple {21297#true} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,858 INFO L290 TraceCheckUtils]: 79: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,858 INFO L290 TraceCheckUtils]: 80: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,858 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21297#true} {21297#true} #1681#return; {21297#true} is VALID [2022-02-20 18:01:01,859 INFO L290 TraceCheckUtils]: 82: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,859 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21297#true} {21297#true} #1753#return; {21297#true} is VALID [2022-02-20 18:01:01,859 INFO L272 TraceCheckUtils]: 84: Hoare triple {21297#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21297#true} is VALID [2022-02-20 18:01:01,859 INFO L290 TraceCheckUtils]: 85: Hoare triple {21297#true} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,859 INFO L290 TraceCheckUtils]: 86: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,859 INFO L290 TraceCheckUtils]: 87: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,860 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21297#true} {21297#true} #1755#return; {21297#true} is VALID [2022-02-20 18:01:01,860 INFO L290 TraceCheckUtils]: 89: Hoare triple {21297#true} assume { :end_inline_setup_rjh__role__Keys } true; {21297#true} is VALID [2022-02-20 18:01:01,860 INFO L290 TraceCheckUtils]: 90: Hoare triple {21297#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21297#true} is VALID [2022-02-20 18:01:01,860 INFO L290 TraceCheckUtils]: 91: Hoare triple {21297#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21297#true} is VALID [2022-02-20 18:01:01,860 INFO L272 TraceCheckUtils]: 92: Hoare triple {21297#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21297#true} is VALID [2022-02-20 18:01:01,860 INFO L290 TraceCheckUtils]: 93: Hoare triple {21297#true} ~chuck___0 := #in~chuck___0; {21297#true} is VALID [2022-02-20 18:01:01,860 INFO L272 TraceCheckUtils]: 94: Hoare triple {21297#true} call setClientId(~chuck___0, ~chuck___0); {21297#true} is VALID [2022-02-20 18:01:01,861 INFO L290 TraceCheckUtils]: 95: Hoare triple {21297#true} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,861 INFO L290 TraceCheckUtils]: 96: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,861 INFO L290 TraceCheckUtils]: 97: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,861 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21297#true} {21297#true} #1623#return; {21297#true} is VALID [2022-02-20 18:01:01,861 INFO L290 TraceCheckUtils]: 99: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,861 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21297#true} {21297#true} #1759#return; {21297#true} is VALID [2022-02-20 18:01:01,861 INFO L272 TraceCheckUtils]: 101: Hoare triple {21297#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21297#true} is VALID [2022-02-20 18:01:01,862 INFO L290 TraceCheckUtils]: 102: Hoare triple {21297#true} ~handle := #in~handle;~value := #in~value; {21297#true} is VALID [2022-02-20 18:01:01,862 INFO L290 TraceCheckUtils]: 103: Hoare triple {21297#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21297#true} is VALID [2022-02-20 18:01:01,862 INFO L290 TraceCheckUtils]: 104: Hoare triple {21297#true} assume true; {21297#true} is VALID [2022-02-20 18:01:01,862 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21297#true} {21297#true} #1761#return; {21297#true} is VALID [2022-02-20 18:01:01,862 INFO L290 TraceCheckUtils]: 106: Hoare triple {21297#true} assume { :end_inline_setup_chuck__role__Keys } true; {21297#true} is VALID [2022-02-20 18:01:01,862 INFO L290 TraceCheckUtils]: 107: Hoare triple {21297#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {21297#true} is VALID [2022-02-20 18:01:01,863 INFO L290 TraceCheckUtils]: 108: Hoare triple {21297#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21732#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:01,863 INFO L290 TraceCheckUtils]: 109: Hoare triple {21732#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {21732#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:01,864 INFO L290 TraceCheckUtils]: 110: Hoare triple {21732#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {21298#false} is VALID [2022-02-20 18:01:01,864 INFO L290 TraceCheckUtils]: 111: Hoare triple {21298#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {21298#false} is VALID [2022-02-20 18:01:01,864 INFO L272 TraceCheckUtils]: 112: Hoare triple {21298#false} call sendEmail(~bob~0, ~rjh~0); {21298#false} is VALID [2022-02-20 18:01:01,864 INFO L290 TraceCheckUtils]: 113: Hoare triple {21298#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21298#false} is VALID [2022-02-20 18:01:01,864 INFO L272 TraceCheckUtils]: 114: Hoare triple {21298#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21298#false} is VALID [2022-02-20 18:01:01,864 INFO L290 TraceCheckUtils]: 115: Hoare triple {21298#false} ~handle := #in~handle;~value := #in~value; {21298#false} is VALID [2022-02-20 18:01:01,864 INFO L290 TraceCheckUtils]: 116: Hoare triple {21298#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21298#false} is VALID [2022-02-20 18:01:01,864 INFO L290 TraceCheckUtils]: 117: Hoare triple {21298#false} assume true; {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21298#false} {21298#false} #1645#return; {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L272 TraceCheckUtils]: 119: Hoare triple {21298#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L290 TraceCheckUtils]: 120: Hoare triple {21298#false} ~handle := #in~handle;~value := #in~value; {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L290 TraceCheckUtils]: 121: Hoare triple {21298#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L290 TraceCheckUtils]: 122: Hoare triple {21298#false} assume true; {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21298#false} {21298#false} #1647#return; {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L290 TraceCheckUtils]: 124: Hoare triple {21298#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L290 TraceCheckUtils]: 125: Hoare triple {21298#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {21298#false} is VALID [2022-02-20 18:01:01,865 INFO L272 TraceCheckUtils]: 126: Hoare triple {21298#false} call outgoing(~sender#1, ~email~0#1); {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L290 TraceCheckUtils]: 127: Hoare triple {21298#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L290 TraceCheckUtils]: 128: Hoare triple {21298#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L272 TraceCheckUtils]: 129: Hoare triple {21298#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L290 TraceCheckUtils]: 130: Hoare triple {21298#false} ~handle := #in~handle;havoc ~retValue_acc~15; {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L290 TraceCheckUtils]: 131: Hoare triple {21298#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L290 TraceCheckUtils]: 132: Hoare triple {21298#false} assume true; {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {21298#false} {21298#false} #1589#return; {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L290 TraceCheckUtils]: 134: Hoare triple {21298#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {21298#false} is VALID [2022-02-20 18:01:01,866 INFO L290 TraceCheckUtils]: 135: Hoare triple {21298#false} assume 0 == sign_~privkey~1#1; {21298#false} is VALID [2022-02-20 18:01:01,867 INFO L290 TraceCheckUtils]: 136: Hoare triple {21298#false} assume { :end_inline_sign } true; {21298#false} is VALID [2022-02-20 18:01:01,867 INFO L272 TraceCheckUtils]: 137: Hoare triple {21298#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {21298#false} is VALID [2022-02-20 18:01:01,867 INFO L290 TraceCheckUtils]: 138: Hoare triple {21298#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21298#false} is VALID [2022-02-20 18:01:01,867 INFO L290 TraceCheckUtils]: 139: Hoare triple {21298#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21298#false} is VALID [2022-02-20 18:01:01,867 INFO L272 TraceCheckUtils]: 140: Hoare triple {21298#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21298#false} is VALID [2022-02-20 18:01:01,867 INFO L290 TraceCheckUtils]: 141: Hoare triple {21298#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21298#false} is VALID [2022-02-20 18:01:01,867 INFO L290 TraceCheckUtils]: 142: Hoare triple {21298#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {21298#false} is VALID [2022-02-20 18:01:01,867 INFO L272 TraceCheckUtils]: 143: Hoare triple {21298#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L290 TraceCheckUtils]: 144: Hoare triple {21298#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L290 TraceCheckUtils]: 145: Hoare triple {21298#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L290 TraceCheckUtils]: 146: Hoare triple {21298#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L272 TraceCheckUtils]: 147: Hoare triple {21298#false} call setEmailFrom(~msg#1, ~tmp~2#1); {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L290 TraceCheckUtils]: 148: Hoare triple {21298#false} ~handle := #in~handle;~value := #in~value; {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L290 TraceCheckUtils]: 149: Hoare triple {21298#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L290 TraceCheckUtils]: 150: Hoare triple {21298#false} assume true; {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {21298#false} {21298#false} #1657#return; {21298#false} is VALID [2022-02-20 18:01:01,868 INFO L290 TraceCheckUtils]: 152: Hoare triple {21298#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L272 TraceCheckUtils]: 153: Hoare triple {21298#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L290 TraceCheckUtils]: 154: Hoare triple {21298#false} ~handle := #in~handle;havoc ~retValue_acc~33; {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L290 TraceCheckUtils]: 155: Hoare triple {21298#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L290 TraceCheckUtils]: 156: Hoare triple {21298#false} assume true; {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21298#false} {21298#false} #1659#return; {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L290 TraceCheckUtils]: 158: Hoare triple {21298#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L290 TraceCheckUtils]: 159: Hoare triple {21298#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L272 TraceCheckUtils]: 160: Hoare triple {21298#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {21298#false} is VALID [2022-02-20 18:01:01,869 INFO L290 TraceCheckUtils]: 161: Hoare triple {21298#false} ~handle := #in~handle;havoc ~retValue_acc~15; {21298#false} is VALID [2022-02-20 18:01:01,870 INFO L290 TraceCheckUtils]: 162: Hoare triple {21298#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {21298#false} is VALID [2022-02-20 18:01:01,870 INFO L290 TraceCheckUtils]: 163: Hoare triple {21298#false} assume true; {21298#false} is VALID [2022-02-20 18:01:01,870 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21298#false} {21298#false} #1661#return; {21298#false} is VALID [2022-02-20 18:01:01,870 INFO L290 TraceCheckUtils]: 165: Hoare triple {21298#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {21298#false} is VALID [2022-02-20 18:01:01,870 INFO L290 TraceCheckUtils]: 166: Hoare triple {21298#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {21298#false} is VALID [2022-02-20 18:01:01,870 INFO L290 TraceCheckUtils]: 167: Hoare triple {21298#false} assume !false; {21298#false} is VALID [2022-02-20 18:01:01,871 INFO L134 CoverageAnalysis]: Checked inductivity of 116 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 116 trivial. 0 not checked. [2022-02-20 18:01:01,871 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:01,871 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [991499103] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:01,871 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:01,871 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:01:01,871 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1299129289] [2022-02-20 18:01:01,872 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:01,872 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 168 [2022-02-20 18:01:01,872 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:01,873 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:01,988 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 136 edges. 136 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:01,988 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:01:01,989 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:01,989 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:01:01,989 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:01:01,990 INFO L87 Difference]: Start difference. First operand 592 states and 850 transitions. Second operand has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:02,651 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:02,651 INFO L93 Difference]: Finished difference Result 919 states and 1301 transitions. [2022-02-20 18:01:02,651 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:01:02,652 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 168 [2022-02-20 18:01:02,652 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:02,652 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:02,662 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1299 transitions. [2022-02-20 18:01:02,663 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:02,672 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1299 transitions. [2022-02-20 18:01:02,673 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1299 transitions. [2022-02-20 18:01:03,280 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1299 edges. 1299 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:03,297 INFO L225 Difference]: With dead ends: 919 [2022-02-20 18:01:03,297 INFO L226 Difference]: Without dead ends: 595 [2022-02-20 18:01:03,298 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 219 GetRequests, 208 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:01:03,299 INFO L933 BasicCegarLoop]: 846 mSDtfsCounter, 1 mSDsluCounter, 844 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1690 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:03,299 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1690 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:03,300 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 595 states. [2022-02-20 18:01:03,316 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 595 to 594. [2022-02-20 18:01:03,316 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:03,317 INFO L82 GeneralOperation]: Start isEquivalent. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 456 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:01:03,318 INFO L74 IsIncluded]: Start isIncluded. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 456 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:01:03,319 INFO L87 Difference]: Start difference. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 456 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:01:03,332 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:03,332 INFO L93 Difference]: Finished difference Result 595 states and 853 transitions. [2022-02-20 18:01:03,332 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 853 transitions. [2022-02-20 18:01:03,333 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:03,333 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:03,334 INFO L74 IsIncluded]: Start isIncluded. First operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 456 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 595 states. [2022-02-20 18:01:03,335 INFO L87 Difference]: Start difference. First operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 456 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 595 states. [2022-02-20 18:01:03,349 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:03,349 INFO L93 Difference]: Finished difference Result 595 states and 853 transitions. [2022-02-20 18:01:03,349 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 853 transitions. [2022-02-20 18:01:03,350 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:03,350 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:03,351 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:03,351 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:03,352 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 456 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:01:03,369 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 852 transitions. [2022-02-20 18:01:03,369 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 852 transitions. Word has length 168 [2022-02-20 18:01:03,370 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:03,370 INFO L470 AbstractCegarLoop]: Abstraction has 594 states and 852 transitions. [2022-02-20 18:01:03,370 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 28.333333333333332) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:03,370 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 852 transitions. [2022-02-20 18:01:03,372 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 177 [2022-02-20 18:01:03,372 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:03,372 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:03,406 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:03,586 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2022-02-20 18:01:03,586 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:03,586 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:03,587 INFO L85 PathProgramCache]: Analyzing trace with hash 1242161006, now seen corresponding path program 1 times [2022-02-20 18:01:03,587 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:03,587 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1309622052] [2022-02-20 18:01:03,587 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:03,587 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:03,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:01:03,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,672 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25189#true} {25189#true} #1731#return; {25189#true} is VALID [2022-02-20 18:01:03,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:01:03,674 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,676 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,676 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,676 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25189#true} {25189#true} #1733#return; {25189#true} is VALID [2022-02-20 18:01:03,676 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:01:03,678 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,679 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25189#true} {25189#true} #1735#return; {25189#true} is VALID [2022-02-20 18:01:03,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:03,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,683 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25189#true} {25189#true} #1737#return; {25189#true} is VALID [2022-02-20 18:01:03,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:01:03,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,687 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25189#true} {25189#true} #1739#return; {25189#true} is VALID [2022-02-20 18:01:03,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:01:03,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,691 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,691 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25189#true} {25189#true} #1741#return; {25189#true} is VALID [2022-02-20 18:01:03,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:01:03,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,695 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25189#true} {25189#true} #1743#return; {25189#true} is VALID [2022-02-20 18:01:03,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:03,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,701 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25189#true} {25189#true} #1745#return; {25189#true} is VALID [2022-02-20 18:01:03,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:01:03,717 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,719 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:03,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,722 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25189#true} #1729#return; {25189#true} is VALID [2022-02-20 18:01:03,722 INFO L290 TraceCheckUtils]: 0: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25189#true} is VALID [2022-02-20 18:01:03,723 INFO L272 TraceCheckUtils]: 1: Hoare triple {25189#true} call setClientId(~bob___0, ~bob___0); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,723 INFO L290 TraceCheckUtils]: 2: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,723 INFO L290 TraceCheckUtils]: 3: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,723 INFO L290 TraceCheckUtils]: 4: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,723 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25189#true} {25189#true} #1729#return; {25189#true} is VALID [2022-02-20 18:01:03,723 INFO L290 TraceCheckUtils]: 6: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,723 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25189#true} {25189#true} #1747#return; {25189#true} is VALID [2022-02-20 18:01:03,728 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:01:03,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,732 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,732 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,732 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25189#true} #1749#return; {25189#true} is VALID [2022-02-20 18:01:03,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:03,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,746 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:03,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25289#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:03,762 INFO L290 TraceCheckUtils]: 1: Hoare triple {25289#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25290#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:03,762 INFO L290 TraceCheckUtils]: 2: Hoare triple {25290#(= |setClientId_#in~handle| 1)} assume true; {25290#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:03,763 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25290#(= |setClientId_#in~handle| 1)} {25283#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:03,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25283#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:03,764 INFO L272 TraceCheckUtils]: 1: Hoare triple {25283#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,764 INFO L290 TraceCheckUtils]: 2: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25289#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:03,764 INFO L290 TraceCheckUtils]: 3: Hoare triple {25289#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25290#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:03,765 INFO L290 TraceCheckUtils]: 4: Hoare triple {25290#(= |setClientId_#in~handle| 1)} assume true; {25290#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:03,765 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25290#(= |setClientId_#in~handle| 1)} {25283#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:03,765 INFO L290 TraceCheckUtils]: 6: Hoare triple {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:03,766 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25228#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1753#return; {25190#false} is VALID [2022-02-20 18:01:03,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:01:03,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,770 INFO L290 TraceCheckUtils]: 0: Hoare triple {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,770 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,770 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,770 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25190#false} #1755#return; {25190#false} is VALID [2022-02-20 18:01:03,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:01:03,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:03,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,776 INFO L290 TraceCheckUtils]: 0: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,776 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25189#true} #1623#return; {25189#true} is VALID [2022-02-20 18:01:03,776 INFO L290 TraceCheckUtils]: 0: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25189#true} is VALID [2022-02-20 18:01:03,777 INFO L272 TraceCheckUtils]: 1: Hoare triple {25189#true} call setClientId(~chuck___0, ~chuck___0); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,777 INFO L290 TraceCheckUtils]: 2: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,777 INFO L290 TraceCheckUtils]: 3: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,777 INFO L290 TraceCheckUtils]: 4: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,777 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25189#true} {25189#true} #1623#return; {25189#true} is VALID [2022-02-20 18:01:03,778 INFO L290 TraceCheckUtils]: 6: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,778 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25189#true} {25190#false} #1759#return; {25190#false} is VALID [2022-02-20 18:01:03,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:01:03,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,781 INFO L290 TraceCheckUtils]: 0: Hoare triple {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,781 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,782 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,782 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25190#false} #1761#return; {25190#false} is VALID [2022-02-20 18:01:03,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:01:03,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {25295#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,791 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,791 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25190#false} #1645#return; {25190#false} is VALID [2022-02-20 18:01:03,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:01:03,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,801 INFO L290 TraceCheckUtils]: 0: Hoare triple {25296#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,801 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,801 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,801 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25190#false} #1647#return; {25190#false} is VALID [2022-02-20 18:01:03,802 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 18:01:03,802 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,804 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} ~handle := #in~handle;havoc ~retValue_acc~15; {25189#true} is VALID [2022-02-20 18:01:03,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {25189#true} is VALID [2022-02-20 18:01:03,804 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,804 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25190#false} #1589#return; {25190#false} is VALID [2022-02-20 18:01:03,804 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 155 [2022-02-20 18:01:03,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,807 INFO L290 TraceCheckUtils]: 0: Hoare triple {25295#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,808 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,808 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,808 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25190#false} #1657#return; {25190#false} is VALID [2022-02-20 18:01:03,808 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 161 [2022-02-20 18:01:03,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25189#true} is VALID [2022-02-20 18:01:03,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {25189#true} is VALID [2022-02-20 18:01:03,810 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,810 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25190#false} #1659#return; {25190#false} is VALID [2022-02-20 18:01:03,810 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 168 [2022-02-20 18:01:03,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,812 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} ~handle := #in~handle;havoc ~retValue_acc~15; {25189#true} is VALID [2022-02-20 18:01:03,812 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {25189#true} is VALID [2022-02-20 18:01:03,812 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,812 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25189#true} {25190#false} #1661#return; {25190#false} is VALID [2022-02-20 18:01:03,813 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {25189#true} is VALID [2022-02-20 18:01:03,813 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25189#true} is VALID [2022-02-20 18:01:03,813 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {25189#true} is VALID [2022-02-20 18:01:03,813 INFO L272 TraceCheckUtils]: 3: Hoare triple {25189#true} call select_features_#t~ret50#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:03,813 INFO L290 TraceCheckUtils]: 4: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,813 INFO L290 TraceCheckUtils]: 5: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,813 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25189#true} {25189#true} #1731#return; {25189#true} is VALID [2022-02-20 18:01:03,813 INFO L290 TraceCheckUtils]: 7: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L272 TraceCheckUtils]: 8: Hoare triple {25189#true} call select_features_#t~ret51#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L290 TraceCheckUtils]: 9: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L290 TraceCheckUtils]: 10: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25189#true} {25189#true} #1733#return; {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L290 TraceCheckUtils]: 12: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L272 TraceCheckUtils]: 13: Hoare triple {25189#true} call select_features_#t~ret52#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L290 TraceCheckUtils]: 14: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L290 TraceCheckUtils]: 15: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,814 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25189#true} {25189#true} #1735#return; {25189#true} is VALID [2022-02-20 18:01:03,815 INFO L290 TraceCheckUtils]: 17: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {25189#true} is VALID [2022-02-20 18:01:03,815 INFO L272 TraceCheckUtils]: 18: Hoare triple {25189#true} call select_features_#t~ret53#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:03,815 INFO L290 TraceCheckUtils]: 19: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,815 INFO L290 TraceCheckUtils]: 20: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,815 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25189#true} {25189#true} #1737#return; {25189#true} is VALID [2022-02-20 18:01:03,815 INFO L290 TraceCheckUtils]: 22: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {25189#true} is VALID [2022-02-20 18:01:03,815 INFO L272 TraceCheckUtils]: 23: Hoare triple {25189#true} call select_features_#t~ret54#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:03,815 INFO L290 TraceCheckUtils]: 24: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L290 TraceCheckUtils]: 25: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25189#true} {25189#true} #1739#return; {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L290 TraceCheckUtils]: 27: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L272 TraceCheckUtils]: 28: Hoare triple {25189#true} call select_features_#t~ret55#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L290 TraceCheckUtils]: 29: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L290 TraceCheckUtils]: 30: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25189#true} {25189#true} #1741#return; {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L290 TraceCheckUtils]: 32: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {25189#true} is VALID [2022-02-20 18:01:03,816 INFO L272 TraceCheckUtils]: 33: Hoare triple {25189#true} call select_features_#t~ret56#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L290 TraceCheckUtils]: 34: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L290 TraceCheckUtils]: 35: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25189#true} {25189#true} #1743#return; {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L290 TraceCheckUtils]: 37: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L272 TraceCheckUtils]: 38: Hoare triple {25189#true} call select_features_#t~ret57#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L290 TraceCheckUtils]: 39: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L290 TraceCheckUtils]: 40: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25189#true} {25189#true} #1745#return; {25189#true} is VALID [2022-02-20 18:01:03,817 INFO L290 TraceCheckUtils]: 42: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 43: Hoare triple {25189#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 44: Hoare triple {25189#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 45: Hoare triple {25189#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 46: Hoare triple {25189#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 47: Hoare triple {25189#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 48: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 49: Hoare triple {25189#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 50: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 51: Hoare triple {25189#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {25189#true} is VALID [2022-02-20 18:01:03,818 INFO L290 TraceCheckUtils]: 52: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25189#true} is VALID [2022-02-20 18:01:03,819 INFO L290 TraceCheckUtils]: 53: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {25189#true} is VALID [2022-02-20 18:01:03,819 INFO L290 TraceCheckUtils]: 54: Hoare triple {25189#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {25189#true} is VALID [2022-02-20 18:01:03,819 INFO L290 TraceCheckUtils]: 55: Hoare triple {25189#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {25189#true} is VALID [2022-02-20 18:01:03,819 INFO L290 TraceCheckUtils]: 56: Hoare triple {25189#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25189#true} is VALID [2022-02-20 18:01:03,819 INFO L290 TraceCheckUtils]: 57: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25189#true} is VALID [2022-02-20 18:01:03,820 INFO L272 TraceCheckUtils]: 58: Hoare triple {25189#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,820 INFO L290 TraceCheckUtils]: 59: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25189#true} is VALID [2022-02-20 18:01:03,820 INFO L272 TraceCheckUtils]: 60: Hoare triple {25189#true} call setClientId(~bob___0, ~bob___0); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,821 INFO L290 TraceCheckUtils]: 61: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,821 INFO L290 TraceCheckUtils]: 62: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,821 INFO L290 TraceCheckUtils]: 63: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,821 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25189#true} {25189#true} #1729#return; {25189#true} is VALID [2022-02-20 18:01:03,821 INFO L290 TraceCheckUtils]: 65: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,821 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25189#true} {25189#true} #1747#return; {25189#true} is VALID [2022-02-20 18:01:03,822 INFO L272 TraceCheckUtils]: 67: Hoare triple {25189#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:03,822 INFO L290 TraceCheckUtils]: 68: Hoare triple {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,822 INFO L290 TraceCheckUtils]: 69: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,822 INFO L290 TraceCheckUtils]: 70: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,822 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25189#true} {25189#true} #1749#return; {25189#true} is VALID [2022-02-20 18:01:03,822 INFO L290 TraceCheckUtils]: 72: Hoare triple {25189#true} assume { :end_inline_setup_bob__role__Keys } true; {25189#true} is VALID [2022-02-20 18:01:03,823 INFO L290 TraceCheckUtils]: 73: Hoare triple {25189#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25227#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:03,823 INFO L290 TraceCheckUtils]: 74: Hoare triple {25227#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25228#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:03,823 INFO L272 TraceCheckUtils]: 75: Hoare triple {25228#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,824 INFO L290 TraceCheckUtils]: 76: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25283#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:03,824 INFO L272 TraceCheckUtils]: 77: Hoare triple {25283#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,825 INFO L290 TraceCheckUtils]: 78: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25289#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:03,825 INFO L290 TraceCheckUtils]: 79: Hoare triple {25289#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25290#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:03,825 INFO L290 TraceCheckUtils]: 80: Hoare triple {25290#(= |setClientId_#in~handle| 1)} assume true; {25290#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:03,826 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25290#(= |setClientId_#in~handle| 1)} {25283#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:03,826 INFO L290 TraceCheckUtils]: 82: Hoare triple {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:03,826 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25288#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25228#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1753#return; {25190#false} is VALID [2022-02-20 18:01:03,827 INFO L272 TraceCheckUtils]: 84: Hoare triple {25190#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:03,827 INFO L290 TraceCheckUtils]: 85: Hoare triple {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,827 INFO L290 TraceCheckUtils]: 86: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,827 INFO L290 TraceCheckUtils]: 87: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,827 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25189#true} {25190#false} #1755#return; {25190#false} is VALID [2022-02-20 18:01:03,827 INFO L290 TraceCheckUtils]: 89: Hoare triple {25190#false} assume { :end_inline_setup_rjh__role__Keys } true; {25190#false} is VALID [2022-02-20 18:01:03,827 INFO L290 TraceCheckUtils]: 90: Hoare triple {25190#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25190#false} is VALID [2022-02-20 18:01:03,827 INFO L290 TraceCheckUtils]: 91: Hoare triple {25190#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25190#false} is VALID [2022-02-20 18:01:03,827 INFO L272 TraceCheckUtils]: 92: Hoare triple {25190#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,828 INFO L290 TraceCheckUtils]: 93: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25189#true} is VALID [2022-02-20 18:01:03,828 INFO L272 TraceCheckUtils]: 94: Hoare triple {25189#true} call setClientId(~chuck___0, ~chuck___0); {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:03,828 INFO L290 TraceCheckUtils]: 95: Hoare triple {25277#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,828 INFO L290 TraceCheckUtils]: 96: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,828 INFO L290 TraceCheckUtils]: 97: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,829 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25189#true} {25189#true} #1623#return; {25189#true} is VALID [2022-02-20 18:01:03,829 INFO L290 TraceCheckUtils]: 99: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,829 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25189#true} {25190#false} #1759#return; {25190#false} is VALID [2022-02-20 18:01:03,829 INFO L272 TraceCheckUtils]: 101: Hoare triple {25190#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:03,829 INFO L290 TraceCheckUtils]: 102: Hoare triple {25282#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,829 INFO L290 TraceCheckUtils]: 103: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,829 INFO L290 TraceCheckUtils]: 104: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,829 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25189#true} {25190#false} #1761#return; {25190#false} is VALID [2022-02-20 18:01:03,829 INFO L290 TraceCheckUtils]: 106: Hoare triple {25190#false} assume { :end_inline_setup_chuck__role__Keys } true; {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 107: Hoare triple {25190#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 108: Hoare triple {25190#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 109: Hoare triple {25190#false} assume !false; {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 110: Hoare triple {25190#false} assume test_~splverifierCounter~0#1 < 4; {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 111: Hoare triple {25190#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 112: Hoare triple {25190#false} assume !(0 == test_~op1~0#1); {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 113: Hoare triple {25190#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 114: Hoare triple {25190#false} assume 0 != test_~tmp___8~0#1; {25190#false} is VALID [2022-02-20 18:01:03,830 INFO L290 TraceCheckUtils]: 115: Hoare triple {25190#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25190#false} is VALID [2022-02-20 18:01:03,831 INFO L290 TraceCheckUtils]: 116: Hoare triple {25190#false} test_~op2~0#1 := 1; {25190#false} is VALID [2022-02-20 18:01:03,831 INFO L290 TraceCheckUtils]: 117: Hoare triple {25190#false} assume !false; {25190#false} is VALID [2022-02-20 18:01:03,831 INFO L290 TraceCheckUtils]: 118: Hoare triple {25190#false} assume !(test_~splverifierCounter~0#1 < 4); {25190#false} is VALID [2022-02-20 18:01:03,831 INFO L290 TraceCheckUtils]: 119: Hoare triple {25190#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {25190#false} is VALID [2022-02-20 18:01:03,831 INFO L272 TraceCheckUtils]: 120: Hoare triple {25190#false} call sendEmail(~bob~0, ~rjh~0); {25190#false} is VALID [2022-02-20 18:01:03,831 INFO L290 TraceCheckUtils]: 121: Hoare triple {25190#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25190#false} is VALID [2022-02-20 18:01:03,831 INFO L272 TraceCheckUtils]: 122: Hoare triple {25190#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25295#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:03,831 INFO L290 TraceCheckUtils]: 123: Hoare triple {25295#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,831 INFO L290 TraceCheckUtils]: 124: Hoare triple {25189#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,832 INFO L290 TraceCheckUtils]: 125: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,832 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25189#true} {25190#false} #1645#return; {25190#false} is VALID [2022-02-20 18:01:03,832 INFO L272 TraceCheckUtils]: 127: Hoare triple {25190#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25296#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:03,832 INFO L290 TraceCheckUtils]: 128: Hoare triple {25296#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,832 INFO L290 TraceCheckUtils]: 129: Hoare triple {25189#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,832 INFO L290 TraceCheckUtils]: 130: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,832 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25189#true} {25190#false} #1647#return; {25190#false} is VALID [2022-02-20 18:01:03,832 INFO L290 TraceCheckUtils]: 132: Hoare triple {25190#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {25190#false} is VALID [2022-02-20 18:01:03,832 INFO L290 TraceCheckUtils]: 133: Hoare triple {25190#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {25190#false} is VALID [2022-02-20 18:01:03,833 INFO L272 TraceCheckUtils]: 134: Hoare triple {25190#false} call outgoing(~sender#1, ~email~0#1); {25190#false} is VALID [2022-02-20 18:01:03,833 INFO L290 TraceCheckUtils]: 135: Hoare triple {25190#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25190#false} is VALID [2022-02-20 18:01:03,833 INFO L290 TraceCheckUtils]: 136: Hoare triple {25190#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {25190#false} is VALID [2022-02-20 18:01:03,833 INFO L272 TraceCheckUtils]: 137: Hoare triple {25190#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {25189#true} is VALID [2022-02-20 18:01:03,833 INFO L290 TraceCheckUtils]: 138: Hoare triple {25189#true} ~handle := #in~handle;havoc ~retValue_acc~15; {25189#true} is VALID [2022-02-20 18:01:03,833 INFO L290 TraceCheckUtils]: 139: Hoare triple {25189#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {25189#true} is VALID [2022-02-20 18:01:03,833 INFO L290 TraceCheckUtils]: 140: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,833 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {25189#true} {25190#false} #1589#return; {25190#false} is VALID [2022-02-20 18:01:03,833 INFO L290 TraceCheckUtils]: 142: Hoare triple {25190#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L290 TraceCheckUtils]: 143: Hoare triple {25190#false} assume 0 == sign_~privkey~1#1; {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L290 TraceCheckUtils]: 144: Hoare triple {25190#false} assume { :end_inline_sign } true; {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L272 TraceCheckUtils]: 145: Hoare triple {25190#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L290 TraceCheckUtils]: 146: Hoare triple {25190#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L290 TraceCheckUtils]: 147: Hoare triple {25190#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L272 TraceCheckUtils]: 148: Hoare triple {25190#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L290 TraceCheckUtils]: 149: Hoare triple {25190#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L290 TraceCheckUtils]: 150: Hoare triple {25190#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25190#false} is VALID [2022-02-20 18:01:03,834 INFO L272 TraceCheckUtils]: 151: Hoare triple {25190#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {25190#false} is VALID [2022-02-20 18:01:03,835 INFO L290 TraceCheckUtils]: 152: Hoare triple {25190#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {25190#false} is VALID [2022-02-20 18:01:03,835 INFO L290 TraceCheckUtils]: 153: Hoare triple {25190#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {25190#false} is VALID [2022-02-20 18:01:03,835 INFO L290 TraceCheckUtils]: 154: Hoare triple {25190#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {25190#false} is VALID [2022-02-20 18:01:03,835 INFO L272 TraceCheckUtils]: 155: Hoare triple {25190#false} call setEmailFrom(~msg#1, ~tmp~2#1); {25295#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:03,835 INFO L290 TraceCheckUtils]: 156: Hoare triple {25295#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:03,835 INFO L290 TraceCheckUtils]: 157: Hoare triple {25189#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:03,835 INFO L290 TraceCheckUtils]: 158: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,835 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {25189#true} {25190#false} #1657#return; {25190#false} is VALID [2022-02-20 18:01:03,835 INFO L290 TraceCheckUtils]: 160: Hoare triple {25190#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {25190#false} is VALID [2022-02-20 18:01:03,836 INFO L272 TraceCheckUtils]: 161: Hoare triple {25190#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {25189#true} is VALID [2022-02-20 18:01:03,836 INFO L290 TraceCheckUtils]: 162: Hoare triple {25189#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25189#true} is VALID [2022-02-20 18:01:03,836 INFO L290 TraceCheckUtils]: 163: Hoare triple {25189#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {25189#true} is VALID [2022-02-20 18:01:03,836 INFO L290 TraceCheckUtils]: 164: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,836 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {25189#true} {25190#false} #1659#return; {25190#false} is VALID [2022-02-20 18:01:03,836 INFO L290 TraceCheckUtils]: 166: Hoare triple {25190#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {25190#false} is VALID [2022-02-20 18:01:03,836 INFO L290 TraceCheckUtils]: 167: Hoare triple {25190#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {25190#false} is VALID [2022-02-20 18:01:03,836 INFO L272 TraceCheckUtils]: 168: Hoare triple {25190#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {25189#true} is VALID [2022-02-20 18:01:03,837 INFO L290 TraceCheckUtils]: 169: Hoare triple {25189#true} ~handle := #in~handle;havoc ~retValue_acc~15; {25189#true} is VALID [2022-02-20 18:01:03,837 INFO L290 TraceCheckUtils]: 170: Hoare triple {25189#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {25189#true} is VALID [2022-02-20 18:01:03,837 INFO L290 TraceCheckUtils]: 171: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:03,837 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25189#true} {25190#false} #1661#return; {25190#false} is VALID [2022-02-20 18:01:03,837 INFO L290 TraceCheckUtils]: 173: Hoare triple {25190#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {25190#false} is VALID [2022-02-20 18:01:03,837 INFO L290 TraceCheckUtils]: 174: Hoare triple {25190#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {25190#false} is VALID [2022-02-20 18:01:03,837 INFO L290 TraceCheckUtils]: 175: Hoare triple {25190#false} assume !false; {25190#false} is VALID [2022-02-20 18:01:03,838 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:01:03,838 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:03,838 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1309622052] [2022-02-20 18:01:03,838 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1309622052] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:03,838 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [240905995] [2022-02-20 18:01:03,838 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:03,838 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:03,839 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:03,856 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:03,871 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:01:04,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:04,136 INFO L263 TraceCheckSpWp]: Trace formula consists of 1436 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:01:04,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:04,199 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:04,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {25189#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {25189#true} is VALID [2022-02-20 18:01:04,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {25189#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25189#true} is VALID [2022-02-20 18:01:04,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {25189#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {25189#true} is VALID [2022-02-20 18:01:04,492 INFO L272 TraceCheckUtils]: 3: Hoare triple {25189#true} call select_features_#t~ret50#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:04,492 INFO L290 TraceCheckUtils]: 4: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:04,492 INFO L290 TraceCheckUtils]: 5: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,492 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25189#true} {25189#true} #1731#return; {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L290 TraceCheckUtils]: 7: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L272 TraceCheckUtils]: 8: Hoare triple {25189#true} call select_features_#t~ret51#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L290 TraceCheckUtils]: 9: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L290 TraceCheckUtils]: 10: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25189#true} {25189#true} #1733#return; {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L290 TraceCheckUtils]: 12: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L272 TraceCheckUtils]: 13: Hoare triple {25189#true} call select_features_#t~ret52#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L290 TraceCheckUtils]: 14: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:04,493 INFO L290 TraceCheckUtils]: 15: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25189#true} {25189#true} #1735#return; {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L290 TraceCheckUtils]: 17: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L272 TraceCheckUtils]: 18: Hoare triple {25189#true} call select_features_#t~ret53#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L290 TraceCheckUtils]: 19: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L290 TraceCheckUtils]: 20: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25189#true} {25189#true} #1737#return; {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L290 TraceCheckUtils]: 22: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L272 TraceCheckUtils]: 23: Hoare triple {25189#true} call select_features_#t~ret54#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:04,494 INFO L290 TraceCheckUtils]: 24: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L290 TraceCheckUtils]: 25: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25189#true} {25189#true} #1739#return; {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L290 TraceCheckUtils]: 27: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L272 TraceCheckUtils]: 28: Hoare triple {25189#true} call select_features_#t~ret55#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L290 TraceCheckUtils]: 29: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L290 TraceCheckUtils]: 30: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25189#true} {25189#true} #1741#return; {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L290 TraceCheckUtils]: 32: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {25189#true} is VALID [2022-02-20 18:01:04,495 INFO L272 TraceCheckUtils]: 33: Hoare triple {25189#true} call select_features_#t~ret56#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L290 TraceCheckUtils]: 34: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L290 TraceCheckUtils]: 35: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25189#true} {25189#true} #1743#return; {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L290 TraceCheckUtils]: 37: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L272 TraceCheckUtils]: 38: Hoare triple {25189#true} call select_features_#t~ret57#1 := select_one(); {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L290 TraceCheckUtils]: 39: Hoare triple {25189#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L290 TraceCheckUtils]: 40: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25189#true} {25189#true} #1745#return; {25189#true} is VALID [2022-02-20 18:01:04,496 INFO L290 TraceCheckUtils]: 42: Hoare triple {25189#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {25189#true} is VALID [2022-02-20 18:01:04,497 INFO L290 TraceCheckUtils]: 43: Hoare triple {25189#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {25189#true} is VALID [2022-02-20 18:01:04,497 INFO L290 TraceCheckUtils]: 44: Hoare triple {25189#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25189#true} is VALID [2022-02-20 18:01:04,497 INFO L290 TraceCheckUtils]: 45: Hoare triple {25189#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {25189#true} is VALID [2022-02-20 18:01:04,497 INFO L290 TraceCheckUtils]: 46: Hoare triple {25189#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {25189#true} is VALID [2022-02-20 18:01:04,497 INFO L290 TraceCheckUtils]: 47: Hoare triple {25189#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 48: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 49: Hoare triple {25189#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 50: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 51: Hoare triple {25189#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 52: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 53: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 54: Hoare triple {25189#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 55: Hoare triple {25189#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {25189#true} is VALID [2022-02-20 18:01:04,507 INFO L290 TraceCheckUtils]: 56: Hoare triple {25189#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L290 TraceCheckUtils]: 57: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L272 TraceCheckUtils]: 58: Hoare triple {25189#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L290 TraceCheckUtils]: 59: Hoare triple {25189#true} ~bob___0 := #in~bob___0; {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L272 TraceCheckUtils]: 60: Hoare triple {25189#true} call setClientId(~bob___0, ~bob___0); {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L290 TraceCheckUtils]: 61: Hoare triple {25189#true} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L290 TraceCheckUtils]: 62: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L290 TraceCheckUtils]: 63: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25189#true} {25189#true} #1729#return; {25189#true} is VALID [2022-02-20 18:01:04,508 INFO L290 TraceCheckUtils]: 65: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25189#true} {25189#true} #1747#return; {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L272 TraceCheckUtils]: 67: Hoare triple {25189#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L290 TraceCheckUtils]: 68: Hoare triple {25189#true} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L290 TraceCheckUtils]: 69: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L290 TraceCheckUtils]: 70: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25189#true} {25189#true} #1749#return; {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L290 TraceCheckUtils]: 72: Hoare triple {25189#true} assume { :end_inline_setup_bob__role__Keys } true; {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L290 TraceCheckUtils]: 73: Hoare triple {25189#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25189#true} is VALID [2022-02-20 18:01:04,509 INFO L290 TraceCheckUtils]: 74: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L272 TraceCheckUtils]: 75: Hoare triple {25189#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L290 TraceCheckUtils]: 76: Hoare triple {25189#true} ~rjh___0 := #in~rjh___0; {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L272 TraceCheckUtils]: 77: Hoare triple {25189#true} call setClientId(~rjh___0, ~rjh___0); {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L290 TraceCheckUtils]: 78: Hoare triple {25189#true} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L290 TraceCheckUtils]: 79: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L290 TraceCheckUtils]: 80: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25189#true} {25189#true} #1681#return; {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L290 TraceCheckUtils]: 82: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25189#true} {25189#true} #1753#return; {25189#true} is VALID [2022-02-20 18:01:04,510 INFO L272 TraceCheckUtils]: 84: Hoare triple {25189#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L290 TraceCheckUtils]: 85: Hoare triple {25189#true} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L290 TraceCheckUtils]: 86: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L290 TraceCheckUtils]: 87: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25189#true} {25189#true} #1755#return; {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L290 TraceCheckUtils]: 89: Hoare triple {25189#true} assume { :end_inline_setup_rjh__role__Keys } true; {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L290 TraceCheckUtils]: 90: Hoare triple {25189#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L290 TraceCheckUtils]: 91: Hoare triple {25189#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L272 TraceCheckUtils]: 92: Hoare triple {25189#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25189#true} is VALID [2022-02-20 18:01:04,511 INFO L290 TraceCheckUtils]: 93: Hoare triple {25189#true} ~chuck___0 := #in~chuck___0; {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L272 TraceCheckUtils]: 94: Hoare triple {25189#true} call setClientId(~chuck___0, ~chuck___0); {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L290 TraceCheckUtils]: 95: Hoare triple {25189#true} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L290 TraceCheckUtils]: 96: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L290 TraceCheckUtils]: 97: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25189#true} {25189#true} #1623#return; {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L290 TraceCheckUtils]: 99: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25189#true} {25189#true} #1759#return; {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L272 TraceCheckUtils]: 101: Hoare triple {25189#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25189#true} is VALID [2022-02-20 18:01:04,512 INFO L290 TraceCheckUtils]: 102: Hoare triple {25189#true} ~handle := #in~handle;~value := #in~value; {25189#true} is VALID [2022-02-20 18:01:04,513 INFO L290 TraceCheckUtils]: 103: Hoare triple {25189#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25189#true} is VALID [2022-02-20 18:01:04,513 INFO L290 TraceCheckUtils]: 104: Hoare triple {25189#true} assume true; {25189#true} is VALID [2022-02-20 18:01:04,513 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25189#true} {25189#true} #1761#return; {25189#true} is VALID [2022-02-20 18:01:04,513 INFO L290 TraceCheckUtils]: 106: Hoare triple {25189#true} assume { :end_inline_setup_chuck__role__Keys } true; {25189#true} is VALID [2022-02-20 18:01:04,513 INFO L290 TraceCheckUtils]: 107: Hoare triple {25189#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {25189#true} is VALID [2022-02-20 18:01:04,519 INFO L290 TraceCheckUtils]: 108: Hoare triple {25189#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25624#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:04,520 INFO L290 TraceCheckUtils]: 109: Hoare triple {25624#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {25624#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:04,520 INFO L290 TraceCheckUtils]: 110: Hoare triple {25624#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25624#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:04,520 INFO L290 TraceCheckUtils]: 111: Hoare triple {25624#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25624#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:04,521 INFO L290 TraceCheckUtils]: 112: Hoare triple {25624#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {25190#false} is VALID [2022-02-20 18:01:04,521 INFO L290 TraceCheckUtils]: 113: Hoare triple {25190#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {25190#false} is VALID [2022-02-20 18:01:04,521 INFO L290 TraceCheckUtils]: 114: Hoare triple {25190#false} assume 0 != test_~tmp___8~0#1; {25190#false} is VALID [2022-02-20 18:01:04,521 INFO L290 TraceCheckUtils]: 115: Hoare triple {25190#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25190#false} is VALID [2022-02-20 18:01:04,521 INFO L290 TraceCheckUtils]: 116: Hoare triple {25190#false} test_~op2~0#1 := 1; {25190#false} is VALID [2022-02-20 18:01:04,521 INFO L290 TraceCheckUtils]: 117: Hoare triple {25190#false} assume !false; {25190#false} is VALID [2022-02-20 18:01:04,521 INFO L290 TraceCheckUtils]: 118: Hoare triple {25190#false} assume !(test_~splverifierCounter~0#1 < 4); {25190#false} is VALID [2022-02-20 18:01:04,521 INFO L290 TraceCheckUtils]: 119: Hoare triple {25190#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {25190#false} is VALID [2022-02-20 18:01:04,522 INFO L272 TraceCheckUtils]: 120: Hoare triple {25190#false} call sendEmail(~bob~0, ~rjh~0); {25190#false} is VALID [2022-02-20 18:01:04,522 INFO L290 TraceCheckUtils]: 121: Hoare triple {25190#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25190#false} is VALID [2022-02-20 18:01:04,522 INFO L272 TraceCheckUtils]: 122: Hoare triple {25190#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25190#false} is VALID [2022-02-20 18:01:04,522 INFO L290 TraceCheckUtils]: 123: Hoare triple {25190#false} ~handle := #in~handle;~value := #in~value; {25190#false} is VALID [2022-02-20 18:01:04,522 INFO L290 TraceCheckUtils]: 124: Hoare triple {25190#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25190#false} is VALID [2022-02-20 18:01:04,522 INFO L290 TraceCheckUtils]: 125: Hoare triple {25190#false} assume true; {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25190#false} {25190#false} #1645#return; {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L272 TraceCheckUtils]: 127: Hoare triple {25190#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L290 TraceCheckUtils]: 128: Hoare triple {25190#false} ~handle := #in~handle;~value := #in~value; {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L290 TraceCheckUtils]: 129: Hoare triple {25190#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L290 TraceCheckUtils]: 130: Hoare triple {25190#false} assume true; {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25190#false} {25190#false} #1647#return; {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L290 TraceCheckUtils]: 132: Hoare triple {25190#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L290 TraceCheckUtils]: 133: Hoare triple {25190#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {25190#false} is VALID [2022-02-20 18:01:04,523 INFO L272 TraceCheckUtils]: 134: Hoare triple {25190#false} call outgoing(~sender#1, ~email~0#1); {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L290 TraceCheckUtils]: 135: Hoare triple {25190#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L290 TraceCheckUtils]: 136: Hoare triple {25190#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L272 TraceCheckUtils]: 137: Hoare triple {25190#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L290 TraceCheckUtils]: 138: Hoare triple {25190#false} ~handle := #in~handle;havoc ~retValue_acc~15; {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L290 TraceCheckUtils]: 139: Hoare triple {25190#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L290 TraceCheckUtils]: 140: Hoare triple {25190#false} assume true; {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {25190#false} {25190#false} #1589#return; {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L290 TraceCheckUtils]: 142: Hoare triple {25190#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L290 TraceCheckUtils]: 143: Hoare triple {25190#false} assume 0 == sign_~privkey~1#1; {25190#false} is VALID [2022-02-20 18:01:04,524 INFO L290 TraceCheckUtils]: 144: Hoare triple {25190#false} assume { :end_inline_sign } true; {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L272 TraceCheckUtils]: 145: Hoare triple {25190#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L290 TraceCheckUtils]: 146: Hoare triple {25190#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L290 TraceCheckUtils]: 147: Hoare triple {25190#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L272 TraceCheckUtils]: 148: Hoare triple {25190#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L290 TraceCheckUtils]: 149: Hoare triple {25190#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L290 TraceCheckUtils]: 150: Hoare triple {25190#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L272 TraceCheckUtils]: 151: Hoare triple {25190#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L290 TraceCheckUtils]: 152: Hoare triple {25190#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {25190#false} is VALID [2022-02-20 18:01:04,525 INFO L290 TraceCheckUtils]: 153: Hoare triple {25190#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L290 TraceCheckUtils]: 154: Hoare triple {25190#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L272 TraceCheckUtils]: 155: Hoare triple {25190#false} call setEmailFrom(~msg#1, ~tmp~2#1); {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L290 TraceCheckUtils]: 156: Hoare triple {25190#false} ~handle := #in~handle;~value := #in~value; {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L290 TraceCheckUtils]: 157: Hoare triple {25190#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L290 TraceCheckUtils]: 158: Hoare triple {25190#false} assume true; {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {25190#false} {25190#false} #1657#return; {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L290 TraceCheckUtils]: 160: Hoare triple {25190#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L272 TraceCheckUtils]: 161: Hoare triple {25190#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {25190#false} is VALID [2022-02-20 18:01:04,526 INFO L290 TraceCheckUtils]: 162: Hoare triple {25190#false} ~handle := #in~handle;havoc ~retValue_acc~33; {25190#false} is VALID [2022-02-20 18:01:04,527 INFO L290 TraceCheckUtils]: 163: Hoare triple {25190#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {25190#false} is VALID [2022-02-20 18:01:04,527 INFO L290 TraceCheckUtils]: 164: Hoare triple {25190#false} assume true; {25190#false} is VALID [2022-02-20 18:01:04,532 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {25190#false} {25190#false} #1659#return; {25190#false} is VALID [2022-02-20 18:01:04,532 INFO L290 TraceCheckUtils]: 166: Hoare triple {25190#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {25190#false} is VALID [2022-02-20 18:01:04,533 INFO L290 TraceCheckUtils]: 167: Hoare triple {25190#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {25190#false} is VALID [2022-02-20 18:01:04,533 INFO L272 TraceCheckUtils]: 168: Hoare triple {25190#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {25190#false} is VALID [2022-02-20 18:01:04,533 INFO L290 TraceCheckUtils]: 169: Hoare triple {25190#false} ~handle := #in~handle;havoc ~retValue_acc~15; {25190#false} is VALID [2022-02-20 18:01:04,533 INFO L290 TraceCheckUtils]: 170: Hoare triple {25190#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {25190#false} is VALID [2022-02-20 18:01:04,533 INFO L290 TraceCheckUtils]: 171: Hoare triple {25190#false} assume true; {25190#false} is VALID [2022-02-20 18:01:04,533 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25190#false} {25190#false} #1661#return; {25190#false} is VALID [2022-02-20 18:01:04,533 INFO L290 TraceCheckUtils]: 173: Hoare triple {25190#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {25190#false} is VALID [2022-02-20 18:01:04,534 INFO L290 TraceCheckUtils]: 174: Hoare triple {25190#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {25190#false} is VALID [2022-02-20 18:01:04,534 INFO L290 TraceCheckUtils]: 175: Hoare triple {25190#false} assume !false; {25190#false} is VALID [2022-02-20 18:01:04,535 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 116 trivial. 0 not checked. [2022-02-20 18:01:04,535 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:04,535 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [240905995] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:04,535 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:04,535 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:01:04,536 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2133491914] [2022-02-20 18:01:04,536 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:04,536 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 176 [2022-02-20 18:01:04,538 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:04,538 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:04,598 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 144 edges. 144 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:04,598 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:01:04,598 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:04,599 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:01:04,599 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:01:04,599 INFO L87 Difference]: Start difference. First operand 594 states and 852 transitions. Second operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:05,150 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:05,158 INFO L93 Difference]: Finished difference Result 1208 states and 1765 transitions. [2022-02-20 18:01:05,159 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:01:05,159 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 176 [2022-02-20 18:01:05,159 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:05,159 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:05,172 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1761 transitions. [2022-02-20 18:01:05,175 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:05,188 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1761 transitions. [2022-02-20 18:01:05,188 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1761 transitions. [2022-02-20 18:01:06,025 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1761 edges. 1761 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:06,058 INFO L225 Difference]: With dead ends: 1208 [2022-02-20 18:01:06,058 INFO L226 Difference]: Without dead ends: 692 [2022-02-20 18:01:06,082 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 227 GetRequests, 216 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:01:06,083 INFO L933 BasicCegarLoop]: 877 mSDtfsCounter, 165 mSDsluCounter, 801 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1678 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:06,083 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 1678 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:06,084 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 692 states. [2022-02-20 18:01:06,122 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 692 to 684. [2022-02-20 18:01:06,122 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:06,124 INFO L82 GeneralOperation]: Start isEquivalent. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 532 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:01:06,125 INFO L74 IsIncluded]: Start isIncluded. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 532 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:01:06,126 INFO L87 Difference]: Start difference. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 532 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:01:06,141 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:06,142 INFO L93 Difference]: Finished difference Result 692 states and 1007 transitions. [2022-02-20 18:01:06,142 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1007 transitions. [2022-02-20 18:01:06,143 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:06,143 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:06,145 INFO L74 IsIncluded]: Start isIncluded. First operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 532 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) Second operand 692 states. [2022-02-20 18:01:06,145 INFO L87 Difference]: Start difference. First operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 532 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) Second operand 692 states. [2022-02-20 18:01:06,161 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:06,161 INFO L93 Difference]: Finished difference Result 692 states and 1007 transitions. [2022-02-20 18:01:06,161 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1007 transitions. [2022-02-20 18:01:06,163 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:06,163 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:06,163 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:06,163 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:06,164 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 532 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:01:06,185 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 684 states to 684 states and 998 transitions. [2022-02-20 18:01:06,185 INFO L78 Accepts]: Start accepts. Automaton has 684 states and 998 transitions. Word has length 176 [2022-02-20 18:01:06,186 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:06,186 INFO L470 AbstractCegarLoop]: Abstraction has 684 states and 998 transitions. [2022-02-20 18:01:06,186 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:01:06,186 INFO L276 IsEmpty]: Start isEmpty. Operand 684 states and 998 transitions. [2022-02-20 18:01:06,188 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 178 [2022-02-20 18:01:06,188 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:06,188 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:06,221 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:06,420 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2022-02-20 18:01:06,421 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:06,421 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:06,421 INFO L85 PathProgramCache]: Analyzing trace with hash 1421540224, now seen corresponding path program 1 times [2022-02-20 18:01:06,421 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:06,421 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1988772223] [2022-02-20 18:01:06,421 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:06,422 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:06,473 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:01:06,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,540 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29811#true} {29811#true} #1731#return; {29811#true} is VALID [2022-02-20 18:01:06,540 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:01:06,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,581 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,581 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29811#true} {29811#true} #1733#return; {29811#true} is VALID [2022-02-20 18:01:06,581 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:01:06,583 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,585 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,585 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,585 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29811#true} {29811#true} #1735#return; {29811#true} is VALID [2022-02-20 18:01:06,585 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:06,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,588 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,588 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,588 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29811#true} {29811#true} #1737#return; {29811#true} is VALID [2022-02-20 18:01:06,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:01:06,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,592 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,592 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29811#true} {29811#true} #1739#return; {29811#true} is VALID [2022-02-20 18:01:06,592 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:01:06,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,595 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,595 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29811#true} {29811#true} #1741#return; {29811#true} is VALID [2022-02-20 18:01:06,595 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:01:06,597 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,598 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,598 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29811#true} {29811#true} #1743#return; {29811#true} is VALID [2022-02-20 18:01:06,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:06,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,604 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29811#true} {29811#true} #1745#return; {29811#true} is VALID [2022-02-20 18:01:06,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:01:06,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:06,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,614 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,615 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29811#true} #1729#return; {29811#true} is VALID [2022-02-20 18:01:06,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {29811#true} is VALID [2022-02-20 18:01:06,616 INFO L272 TraceCheckUtils]: 1: Hoare triple {29811#true} call setClientId(~bob___0, ~bob___0); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,616 INFO L290 TraceCheckUtils]: 3: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,616 INFO L290 TraceCheckUtils]: 4: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,616 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29811#true} {29811#true} #1729#return; {29811#true} is VALID [2022-02-20 18:01:06,616 INFO L290 TraceCheckUtils]: 6: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,616 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29811#true} {29811#true} #1747#return; {29811#true} is VALID [2022-02-20 18:01:06,622 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:01:06,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,625 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,625 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29811#true} #1749#return; {29811#true} is VALID [2022-02-20 18:01:06,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:06,627 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:06,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,654 INFO L290 TraceCheckUtils]: 0: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29911#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:06,654 INFO L290 TraceCheckUtils]: 1: Hoare triple {29911#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29912#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:06,655 INFO L290 TraceCheckUtils]: 2: Hoare triple {29912#(= |setClientId_#in~handle| 1)} assume true; {29912#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:06,655 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29912#(= |setClientId_#in~handle| 1)} {29905#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:06,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {29905#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:06,657 INFO L272 TraceCheckUtils]: 1: Hoare triple {29905#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29911#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:06,657 INFO L290 TraceCheckUtils]: 3: Hoare triple {29911#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29912#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:06,657 INFO L290 TraceCheckUtils]: 4: Hoare triple {29912#(= |setClientId_#in~handle| 1)} assume true; {29912#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:06,658 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29912#(= |setClientId_#in~handle| 1)} {29905#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:06,658 INFO L290 TraceCheckUtils]: 6: Hoare triple {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:06,659 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {29850#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1753#return; {29812#false} is VALID [2022-02-20 18:01:06,659 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:01:06,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,664 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29812#false} #1755#return; {29812#false} is VALID [2022-02-20 18:01:06,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:01:06,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:06,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,669 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,670 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29811#true} #1623#return; {29811#true} is VALID [2022-02-20 18:01:06,670 INFO L290 TraceCheckUtils]: 0: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {29811#true} is VALID [2022-02-20 18:01:06,670 INFO L272 TraceCheckUtils]: 1: Hoare triple {29811#true} call setClientId(~chuck___0, ~chuck___0); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,670 INFO L290 TraceCheckUtils]: 3: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,671 INFO L290 TraceCheckUtils]: 4: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,671 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29811#true} {29811#true} #1623#return; {29811#true} is VALID [2022-02-20 18:01:06,671 INFO L290 TraceCheckUtils]: 6: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,671 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29811#true} {29812#false} #1759#return; {29812#false} is VALID [2022-02-20 18:01:06,671 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:01:06,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29812#false} #1761#return; {29812#false} is VALID [2022-02-20 18:01:06,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:01:06,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,684 INFO L290 TraceCheckUtils]: 0: Hoare triple {29917#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,684 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,684 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29812#false} #1645#return; {29812#false} is VALID [2022-02-20 18:01:06,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:01:06,692 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {29918#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,694 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,694 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,694 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29812#false} #1647#return; {29812#false} is VALID [2022-02-20 18:01:06,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 18:01:06,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} ~handle := #in~handle;havoc ~retValue_acc~15; {29811#true} is VALID [2022-02-20 18:01:06,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {29811#true} is VALID [2022-02-20 18:01:06,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,697 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29812#false} #1589#return; {29812#false} is VALID [2022-02-20 18:01:06,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 18:01:06,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {29917#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,700 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29812#false} #1657#return; {29812#false} is VALID [2022-02-20 18:01:06,700 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-02-20 18:01:06,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,702 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} ~handle := #in~handle;havoc ~retValue_acc~33; {29811#true} is VALID [2022-02-20 18:01:06,702 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {29811#true} is VALID [2022-02-20 18:01:06,702 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,702 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29812#false} #1659#return; {29812#false} is VALID [2022-02-20 18:01:06,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-02-20 18:01:06,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:06,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} ~handle := #in~handle;havoc ~retValue_acc~15; {29811#true} is VALID [2022-02-20 18:01:06,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {29811#true} is VALID [2022-02-20 18:01:06,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,705 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29811#true} {29812#false} #1661#return; {29812#false} is VALID [2022-02-20 18:01:06,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {29811#true} is VALID [2022-02-20 18:01:06,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {29811#true} is VALID [2022-02-20 18:01:06,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {29811#true} is VALID [2022-02-20 18:01:06,705 INFO L272 TraceCheckUtils]: 3: Hoare triple {29811#true} call select_features_#t~ret50#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:06,705 INFO L290 TraceCheckUtils]: 4: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L290 TraceCheckUtils]: 5: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {29811#true} {29811#true} #1731#return; {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L290 TraceCheckUtils]: 7: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L272 TraceCheckUtils]: 8: Hoare triple {29811#true} call select_features_#t~ret51#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L290 TraceCheckUtils]: 9: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L290 TraceCheckUtils]: 10: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {29811#true} {29811#true} #1733#return; {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L290 TraceCheckUtils]: 12: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {29811#true} is VALID [2022-02-20 18:01:06,706 INFO L272 TraceCheckUtils]: 13: Hoare triple {29811#true} call select_features_#t~ret52#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L290 TraceCheckUtils]: 14: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L290 TraceCheckUtils]: 15: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29811#true} {29811#true} #1735#return; {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L290 TraceCheckUtils]: 17: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L272 TraceCheckUtils]: 18: Hoare triple {29811#true} call select_features_#t~ret53#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L290 TraceCheckUtils]: 19: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L290 TraceCheckUtils]: 20: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {29811#true} {29811#true} #1737#return; {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L290 TraceCheckUtils]: 22: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {29811#true} is VALID [2022-02-20 18:01:06,707 INFO L272 TraceCheckUtils]: 23: Hoare triple {29811#true} call select_features_#t~ret54#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L290 TraceCheckUtils]: 24: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L290 TraceCheckUtils]: 25: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {29811#true} {29811#true} #1739#return; {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L290 TraceCheckUtils]: 27: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L272 TraceCheckUtils]: 28: Hoare triple {29811#true} call select_features_#t~ret55#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L290 TraceCheckUtils]: 29: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L290 TraceCheckUtils]: 30: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {29811#true} {29811#true} #1741#return; {29811#true} is VALID [2022-02-20 18:01:06,708 INFO L290 TraceCheckUtils]: 32: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L272 TraceCheckUtils]: 33: Hoare triple {29811#true} call select_features_#t~ret56#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L290 TraceCheckUtils]: 34: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L290 TraceCheckUtils]: 35: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {29811#true} {29811#true} #1743#return; {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L290 TraceCheckUtils]: 37: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L272 TraceCheckUtils]: 38: Hoare triple {29811#true} call select_features_#t~ret57#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L290 TraceCheckUtils]: 39: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L290 TraceCheckUtils]: 40: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,709 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {29811#true} {29811#true} #1745#return; {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 42: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 43: Hoare triple {29811#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 44: Hoare triple {29811#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 45: Hoare triple {29811#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 46: Hoare triple {29811#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 47: Hoare triple {29811#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 48: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 49: Hoare triple {29811#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 50: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {29811#true} is VALID [2022-02-20 18:01:06,710 INFO L290 TraceCheckUtils]: 51: Hoare triple {29811#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {29811#true} is VALID [2022-02-20 18:01:06,711 INFO L290 TraceCheckUtils]: 52: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {29811#true} is VALID [2022-02-20 18:01:06,711 INFO L290 TraceCheckUtils]: 53: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {29811#true} is VALID [2022-02-20 18:01:06,711 INFO L290 TraceCheckUtils]: 54: Hoare triple {29811#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {29811#true} is VALID [2022-02-20 18:01:06,711 INFO L290 TraceCheckUtils]: 55: Hoare triple {29811#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {29811#true} is VALID [2022-02-20 18:01:06,711 INFO L290 TraceCheckUtils]: 56: Hoare triple {29811#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {29811#true} is VALID [2022-02-20 18:01:06,711 INFO L290 TraceCheckUtils]: 57: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {29811#true} is VALID [2022-02-20 18:01:06,712 INFO L272 TraceCheckUtils]: 58: Hoare triple {29811#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,712 INFO L290 TraceCheckUtils]: 59: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {29811#true} is VALID [2022-02-20 18:01:06,712 INFO L272 TraceCheckUtils]: 60: Hoare triple {29811#true} call setClientId(~bob___0, ~bob___0); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,712 INFO L290 TraceCheckUtils]: 61: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,713 INFO L290 TraceCheckUtils]: 62: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,713 INFO L290 TraceCheckUtils]: 63: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,713 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {29811#true} {29811#true} #1729#return; {29811#true} is VALID [2022-02-20 18:01:06,713 INFO L290 TraceCheckUtils]: 65: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,713 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {29811#true} {29811#true} #1747#return; {29811#true} is VALID [2022-02-20 18:01:06,714 INFO L272 TraceCheckUtils]: 67: Hoare triple {29811#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:06,714 INFO L290 TraceCheckUtils]: 68: Hoare triple {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,714 INFO L290 TraceCheckUtils]: 69: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,714 INFO L290 TraceCheckUtils]: 70: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,714 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29811#true} {29811#true} #1749#return; {29811#true} is VALID [2022-02-20 18:01:06,714 INFO L290 TraceCheckUtils]: 72: Hoare triple {29811#true} assume { :end_inline_setup_bob__role__Keys } true; {29811#true} is VALID [2022-02-20 18:01:06,714 INFO L290 TraceCheckUtils]: 73: Hoare triple {29811#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {29849#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:06,715 INFO L290 TraceCheckUtils]: 74: Hoare triple {29849#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {29850#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:06,715 INFO L272 TraceCheckUtils]: 75: Hoare triple {29850#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,716 INFO L290 TraceCheckUtils]: 76: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {29905#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:06,716 INFO L272 TraceCheckUtils]: 77: Hoare triple {29905#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,717 INFO L290 TraceCheckUtils]: 78: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29911#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:06,717 INFO L290 TraceCheckUtils]: 79: Hoare triple {29911#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29912#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:06,717 INFO L290 TraceCheckUtils]: 80: Hoare triple {29912#(= |setClientId_#in~handle| 1)} assume true; {29912#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:06,718 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {29912#(= |setClientId_#in~handle| 1)} {29905#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:06,718 INFO L290 TraceCheckUtils]: 82: Hoare triple {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:06,718 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {29910#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {29850#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1753#return; {29812#false} is VALID [2022-02-20 18:01:06,718 INFO L272 TraceCheckUtils]: 84: Hoare triple {29812#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:06,719 INFO L290 TraceCheckUtils]: 85: Hoare triple {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,719 INFO L290 TraceCheckUtils]: 86: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,719 INFO L290 TraceCheckUtils]: 87: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,719 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {29811#true} {29812#false} #1755#return; {29812#false} is VALID [2022-02-20 18:01:06,719 INFO L290 TraceCheckUtils]: 89: Hoare triple {29812#false} assume { :end_inline_setup_rjh__role__Keys } true; {29812#false} is VALID [2022-02-20 18:01:06,719 INFO L290 TraceCheckUtils]: 90: Hoare triple {29812#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {29812#false} is VALID [2022-02-20 18:01:06,719 INFO L290 TraceCheckUtils]: 91: Hoare triple {29812#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {29812#false} is VALID [2022-02-20 18:01:06,719 INFO L272 TraceCheckUtils]: 92: Hoare triple {29812#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,719 INFO L290 TraceCheckUtils]: 93: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {29811#true} is VALID [2022-02-20 18:01:06,720 INFO L272 TraceCheckUtils]: 94: Hoare triple {29811#true} call setClientId(~chuck___0, ~chuck___0); {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:06,720 INFO L290 TraceCheckUtils]: 95: Hoare triple {29899#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,720 INFO L290 TraceCheckUtils]: 96: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,720 INFO L290 TraceCheckUtils]: 97: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,720 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {29811#true} {29811#true} #1623#return; {29811#true} is VALID [2022-02-20 18:01:06,720 INFO L290 TraceCheckUtils]: 99: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,721 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29811#true} {29812#false} #1759#return; {29812#false} is VALID [2022-02-20 18:01:06,721 INFO L272 TraceCheckUtils]: 101: Hoare triple {29812#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:06,721 INFO L290 TraceCheckUtils]: 102: Hoare triple {29904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,721 INFO L290 TraceCheckUtils]: 103: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,721 INFO L290 TraceCheckUtils]: 104: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,721 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {29811#true} {29812#false} #1761#return; {29812#false} is VALID [2022-02-20 18:01:06,721 INFO L290 TraceCheckUtils]: 106: Hoare triple {29812#false} assume { :end_inline_setup_chuck__role__Keys } true; {29812#false} is VALID [2022-02-20 18:01:06,721 INFO L290 TraceCheckUtils]: 107: Hoare triple {29812#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {29812#false} is VALID [2022-02-20 18:01:06,721 INFO L290 TraceCheckUtils]: 108: Hoare triple {29812#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 109: Hoare triple {29812#false} assume !false; {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 110: Hoare triple {29812#false} assume test_~splverifierCounter~0#1 < 4; {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 111: Hoare triple {29812#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 112: Hoare triple {29812#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 113: Hoare triple {29812#false} assume !(0 != test_~tmp___9~0#1); {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 114: Hoare triple {29812#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 115: Hoare triple {29812#false} assume 0 != test_~tmp___8~0#1; {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 116: Hoare triple {29812#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {29812#false} is VALID [2022-02-20 18:01:06,722 INFO L290 TraceCheckUtils]: 117: Hoare triple {29812#false} test_~op2~0#1 := 1; {29812#false} is VALID [2022-02-20 18:01:06,723 INFO L290 TraceCheckUtils]: 118: Hoare triple {29812#false} assume !false; {29812#false} is VALID [2022-02-20 18:01:06,723 INFO L290 TraceCheckUtils]: 119: Hoare triple {29812#false} assume !(test_~splverifierCounter~0#1 < 4); {29812#false} is VALID [2022-02-20 18:01:06,723 INFO L290 TraceCheckUtils]: 120: Hoare triple {29812#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {29812#false} is VALID [2022-02-20 18:01:06,723 INFO L272 TraceCheckUtils]: 121: Hoare triple {29812#false} call sendEmail(~bob~0, ~rjh~0); {29812#false} is VALID [2022-02-20 18:01:06,723 INFO L290 TraceCheckUtils]: 122: Hoare triple {29812#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29812#false} is VALID [2022-02-20 18:01:06,723 INFO L272 TraceCheckUtils]: 123: Hoare triple {29812#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29917#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:06,723 INFO L290 TraceCheckUtils]: 124: Hoare triple {29917#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,723 INFO L290 TraceCheckUtils]: 125: Hoare triple {29811#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,723 INFO L290 TraceCheckUtils]: 126: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,724 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {29811#true} {29812#false} #1645#return; {29812#false} is VALID [2022-02-20 18:01:06,724 INFO L272 TraceCheckUtils]: 128: Hoare triple {29812#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29918#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:06,724 INFO L290 TraceCheckUtils]: 129: Hoare triple {29918#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,724 INFO L290 TraceCheckUtils]: 130: Hoare triple {29811#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,724 INFO L290 TraceCheckUtils]: 131: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,724 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {29811#true} {29812#false} #1647#return; {29812#false} is VALID [2022-02-20 18:01:06,724 INFO L290 TraceCheckUtils]: 133: Hoare triple {29812#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {29812#false} is VALID [2022-02-20 18:01:06,724 INFO L290 TraceCheckUtils]: 134: Hoare triple {29812#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {29812#false} is VALID [2022-02-20 18:01:06,724 INFO L272 TraceCheckUtils]: 135: Hoare triple {29812#false} call outgoing(~sender#1, ~email~0#1); {29812#false} is VALID [2022-02-20 18:01:06,724 INFO L290 TraceCheckUtils]: 136: Hoare triple {29812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29812#false} is VALID [2022-02-20 18:01:06,725 INFO L290 TraceCheckUtils]: 137: Hoare triple {29812#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {29812#false} is VALID [2022-02-20 18:01:06,725 INFO L272 TraceCheckUtils]: 138: Hoare triple {29812#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {29811#true} is VALID [2022-02-20 18:01:06,725 INFO L290 TraceCheckUtils]: 139: Hoare triple {29811#true} ~handle := #in~handle;havoc ~retValue_acc~15; {29811#true} is VALID [2022-02-20 18:01:06,725 INFO L290 TraceCheckUtils]: 140: Hoare triple {29811#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {29811#true} is VALID [2022-02-20 18:01:06,725 INFO L290 TraceCheckUtils]: 141: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,725 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {29811#true} {29812#false} #1589#return; {29812#false} is VALID [2022-02-20 18:01:06,725 INFO L290 TraceCheckUtils]: 143: Hoare triple {29812#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {29812#false} is VALID [2022-02-20 18:01:06,725 INFO L290 TraceCheckUtils]: 144: Hoare triple {29812#false} assume 0 == sign_~privkey~1#1; {29812#false} is VALID [2022-02-20 18:01:06,725 INFO L290 TraceCheckUtils]: 145: Hoare triple {29812#false} assume { :end_inline_sign } true; {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L272 TraceCheckUtils]: 146: Hoare triple {29812#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L290 TraceCheckUtils]: 147: Hoare triple {29812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L290 TraceCheckUtils]: 148: Hoare triple {29812#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L272 TraceCheckUtils]: 149: Hoare triple {29812#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L290 TraceCheckUtils]: 150: Hoare triple {29812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L290 TraceCheckUtils]: 151: Hoare triple {29812#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L272 TraceCheckUtils]: 152: Hoare triple {29812#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L290 TraceCheckUtils]: 153: Hoare triple {29812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {29812#false} is VALID [2022-02-20 18:01:06,726 INFO L290 TraceCheckUtils]: 154: Hoare triple {29812#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {29812#false} is VALID [2022-02-20 18:01:06,727 INFO L290 TraceCheckUtils]: 155: Hoare triple {29812#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {29812#false} is VALID [2022-02-20 18:01:06,727 INFO L272 TraceCheckUtils]: 156: Hoare triple {29812#false} call setEmailFrom(~msg#1, ~tmp~2#1); {29917#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:06,727 INFO L290 TraceCheckUtils]: 157: Hoare triple {29917#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:06,727 INFO L290 TraceCheckUtils]: 158: Hoare triple {29811#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:06,727 INFO L290 TraceCheckUtils]: 159: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,727 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {29811#true} {29812#false} #1657#return; {29812#false} is VALID [2022-02-20 18:01:06,727 INFO L290 TraceCheckUtils]: 161: Hoare triple {29812#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {29812#false} is VALID [2022-02-20 18:01:06,727 INFO L272 TraceCheckUtils]: 162: Hoare triple {29812#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {29811#true} is VALID [2022-02-20 18:01:06,727 INFO L290 TraceCheckUtils]: 163: Hoare triple {29811#true} ~handle := #in~handle;havoc ~retValue_acc~33; {29811#true} is VALID [2022-02-20 18:01:06,727 INFO L290 TraceCheckUtils]: 164: Hoare triple {29811#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {29811#true} is VALID [2022-02-20 18:01:06,728 INFO L290 TraceCheckUtils]: 165: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,728 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {29811#true} {29812#false} #1659#return; {29812#false} is VALID [2022-02-20 18:01:06,728 INFO L290 TraceCheckUtils]: 167: Hoare triple {29812#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {29812#false} is VALID [2022-02-20 18:01:06,728 INFO L290 TraceCheckUtils]: 168: Hoare triple {29812#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {29812#false} is VALID [2022-02-20 18:01:06,728 INFO L272 TraceCheckUtils]: 169: Hoare triple {29812#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {29811#true} is VALID [2022-02-20 18:01:06,728 INFO L290 TraceCheckUtils]: 170: Hoare triple {29811#true} ~handle := #in~handle;havoc ~retValue_acc~15; {29811#true} is VALID [2022-02-20 18:01:06,728 INFO L290 TraceCheckUtils]: 171: Hoare triple {29811#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {29811#true} is VALID [2022-02-20 18:01:06,728 INFO L290 TraceCheckUtils]: 172: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:06,728 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {29811#true} {29812#false} #1661#return; {29812#false} is VALID [2022-02-20 18:01:06,729 INFO L290 TraceCheckUtils]: 174: Hoare triple {29812#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {29812#false} is VALID [2022-02-20 18:01:06,729 INFO L290 TraceCheckUtils]: 175: Hoare triple {29812#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {29812#false} is VALID [2022-02-20 18:01:06,729 INFO L290 TraceCheckUtils]: 176: Hoare triple {29812#false} assume !false; {29812#false} is VALID [2022-02-20 18:01:06,730 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:01:06,730 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:06,730 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1988772223] [2022-02-20 18:01:06,730 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1988772223] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:06,730 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1393222811] [2022-02-20 18:01:06,730 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:06,731 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:06,731 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:06,732 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:06,733 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:01:07,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:07,007 INFO L263 TraceCheckSpWp]: Trace formula consists of 1443 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 18:01:07,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:07,068 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:07,501 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L290 TraceCheckUtils]: 1: Hoare triple {29811#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L290 TraceCheckUtils]: 2: Hoare triple {29811#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L272 TraceCheckUtils]: 3: Hoare triple {29811#true} call select_features_#t~ret50#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L290 TraceCheckUtils]: 4: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L290 TraceCheckUtils]: 5: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {29811#true} {29811#true} #1731#return; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L290 TraceCheckUtils]: 7: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L272 TraceCheckUtils]: 8: Hoare triple {29811#true} call select_features_#t~ret51#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L290 TraceCheckUtils]: 9: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L290 TraceCheckUtils]: 10: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,502 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {29811#true} {29811#true} #1733#return; {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L290 TraceCheckUtils]: 12: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L272 TraceCheckUtils]: 13: Hoare triple {29811#true} call select_features_#t~ret52#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L290 TraceCheckUtils]: 14: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L290 TraceCheckUtils]: 15: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29811#true} {29811#true} #1735#return; {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L290 TraceCheckUtils]: 17: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L272 TraceCheckUtils]: 18: Hoare triple {29811#true} call select_features_#t~ret53#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L290 TraceCheckUtils]: 19: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:07,503 INFO L290 TraceCheckUtils]: 20: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {29811#true} {29811#true} #1737#return; {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L290 TraceCheckUtils]: 22: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L272 TraceCheckUtils]: 23: Hoare triple {29811#true} call select_features_#t~ret54#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L290 TraceCheckUtils]: 24: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L290 TraceCheckUtils]: 25: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {29811#true} {29811#true} #1739#return; {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L290 TraceCheckUtils]: 27: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L272 TraceCheckUtils]: 28: Hoare triple {29811#true} call select_features_#t~ret55#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:07,504 INFO L290 TraceCheckUtils]: 29: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L290 TraceCheckUtils]: 30: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {29811#true} {29811#true} #1741#return; {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L290 TraceCheckUtils]: 32: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L272 TraceCheckUtils]: 33: Hoare triple {29811#true} call select_features_#t~ret56#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L290 TraceCheckUtils]: 34: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L290 TraceCheckUtils]: 35: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {29811#true} {29811#true} #1743#return; {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L290 TraceCheckUtils]: 37: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {29811#true} is VALID [2022-02-20 18:01:07,505 INFO L272 TraceCheckUtils]: 38: Hoare triple {29811#true} call select_features_#t~ret57#1 := select_one(); {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L290 TraceCheckUtils]: 39: Hoare triple {29811#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L290 TraceCheckUtils]: 40: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {29811#true} {29811#true} #1745#return; {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L290 TraceCheckUtils]: 42: Hoare triple {29811#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L290 TraceCheckUtils]: 43: Hoare triple {29811#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L290 TraceCheckUtils]: 44: Hoare triple {29811#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L290 TraceCheckUtils]: 45: Hoare triple {29811#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L290 TraceCheckUtils]: 46: Hoare triple {29811#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {29811#true} is VALID [2022-02-20 18:01:07,506 INFO L290 TraceCheckUtils]: 47: Hoare triple {29811#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 48: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 49: Hoare triple {29811#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 50: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 51: Hoare triple {29811#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 52: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 53: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 54: Hoare triple {29811#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 55: Hoare triple {29811#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {29811#true} is VALID [2022-02-20 18:01:07,507 INFO L290 TraceCheckUtils]: 56: Hoare triple {29811#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L290 TraceCheckUtils]: 57: Hoare triple {29811#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L272 TraceCheckUtils]: 58: Hoare triple {29811#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L290 TraceCheckUtils]: 59: Hoare triple {29811#true} ~bob___0 := #in~bob___0; {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L272 TraceCheckUtils]: 60: Hoare triple {29811#true} call setClientId(~bob___0, ~bob___0); {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L290 TraceCheckUtils]: 61: Hoare triple {29811#true} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L290 TraceCheckUtils]: 62: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L290 TraceCheckUtils]: 63: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {29811#true} {29811#true} #1729#return; {29811#true} is VALID [2022-02-20 18:01:07,508 INFO L290 TraceCheckUtils]: 65: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,509 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {29811#true} {29811#true} #1747#return; {29811#true} is VALID [2022-02-20 18:01:07,509 INFO L272 TraceCheckUtils]: 67: Hoare triple {29811#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {29811#true} is VALID [2022-02-20 18:01:07,509 INFO L290 TraceCheckUtils]: 68: Hoare triple {29811#true} ~handle := #in~handle;~value := #in~value; {29811#true} is VALID [2022-02-20 18:01:07,509 INFO L290 TraceCheckUtils]: 69: Hoare triple {29811#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29811#true} is VALID [2022-02-20 18:01:07,509 INFO L290 TraceCheckUtils]: 70: Hoare triple {29811#true} assume true; {29811#true} is VALID [2022-02-20 18:01:07,509 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29811#true} {29811#true} #1749#return; {29811#true} is VALID [2022-02-20 18:01:07,509 INFO L290 TraceCheckUtils]: 72: Hoare triple {29811#true} assume { :end_inline_setup_bob__role__Keys } true; {29811#true} is VALID [2022-02-20 18:01:07,510 INFO L290 TraceCheckUtils]: 73: Hoare triple {29811#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {30141#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:07,510 INFO L290 TraceCheckUtils]: 74: Hoare triple {30141#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {30145#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:01:07,510 INFO L272 TraceCheckUtils]: 75: Hoare triple {30145#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {29811#true} is VALID [2022-02-20 18:01:07,511 INFO L290 TraceCheckUtils]: 76: Hoare triple {29811#true} ~rjh___0 := #in~rjh___0; {30152#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 18:01:07,511 INFO L272 TraceCheckUtils]: 77: Hoare triple {30152#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {29811#true} is VALID [2022-02-20 18:01:07,511 INFO L290 TraceCheckUtils]: 78: Hoare triple {29811#true} ~handle := #in~handle;~value := #in~value; {30159#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:01:07,511 INFO L290 TraceCheckUtils]: 79: Hoare triple {30159#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30163#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:07,512 INFO L290 TraceCheckUtils]: 80: Hoare triple {30163#(<= |setClientId_#in~handle| 1)} assume true; {30163#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:07,513 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30163#(<= |setClientId_#in~handle| 1)} {30152#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1681#return; {30170#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:07,513 INFO L290 TraceCheckUtils]: 82: Hoare triple {30170#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30170#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:01:07,513 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {30170#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30145#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1753#return; {29812#false} is VALID [2022-02-20 18:01:07,513 INFO L272 TraceCheckUtils]: 84: Hoare triple {29812#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L290 TraceCheckUtils]: 85: Hoare triple {29812#false} ~handle := #in~handle;~value := #in~value; {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L290 TraceCheckUtils]: 86: Hoare triple {29812#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L290 TraceCheckUtils]: 87: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {29812#false} {29812#false} #1755#return; {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L290 TraceCheckUtils]: 89: Hoare triple {29812#false} assume { :end_inline_setup_rjh__role__Keys } true; {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L290 TraceCheckUtils]: 90: Hoare triple {29812#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L290 TraceCheckUtils]: 91: Hoare triple {29812#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L272 TraceCheckUtils]: 92: Hoare triple {29812#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {29812#false} is VALID [2022-02-20 18:01:07,514 INFO L290 TraceCheckUtils]: 93: Hoare triple {29812#false} ~chuck___0 := #in~chuck___0; {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L272 TraceCheckUtils]: 94: Hoare triple {29812#false} call setClientId(~chuck___0, ~chuck___0); {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L290 TraceCheckUtils]: 95: Hoare triple {29812#false} ~handle := #in~handle;~value := #in~value; {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L290 TraceCheckUtils]: 96: Hoare triple {29812#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L290 TraceCheckUtils]: 97: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {29812#false} {29812#false} #1623#return; {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L290 TraceCheckUtils]: 99: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29812#false} {29812#false} #1759#return; {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L272 TraceCheckUtils]: 101: Hoare triple {29812#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {29812#false} is VALID [2022-02-20 18:01:07,515 INFO L290 TraceCheckUtils]: 102: Hoare triple {29812#false} ~handle := #in~handle;~value := #in~value; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 103: Hoare triple {29812#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 104: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {29812#false} {29812#false} #1761#return; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 106: Hoare triple {29812#false} assume { :end_inline_setup_chuck__role__Keys } true; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 107: Hoare triple {29812#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 108: Hoare triple {29812#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 109: Hoare triple {29812#false} assume !false; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 110: Hoare triple {29812#false} assume test_~splverifierCounter~0#1 < 4; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 111: Hoare triple {29812#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29812#false} is VALID [2022-02-20 18:01:07,516 INFO L290 TraceCheckUtils]: 112: Hoare triple {29812#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L290 TraceCheckUtils]: 113: Hoare triple {29812#false} assume !(0 != test_~tmp___9~0#1); {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L290 TraceCheckUtils]: 114: Hoare triple {29812#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L290 TraceCheckUtils]: 115: Hoare triple {29812#false} assume 0 != test_~tmp___8~0#1; {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L290 TraceCheckUtils]: 116: Hoare triple {29812#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L290 TraceCheckUtils]: 117: Hoare triple {29812#false} test_~op2~0#1 := 1; {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L290 TraceCheckUtils]: 118: Hoare triple {29812#false} assume !false; {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L290 TraceCheckUtils]: 119: Hoare triple {29812#false} assume !(test_~splverifierCounter~0#1 < 4); {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L290 TraceCheckUtils]: 120: Hoare triple {29812#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {29812#false} is VALID [2022-02-20 18:01:07,517 INFO L272 TraceCheckUtils]: 121: Hoare triple {29812#false} call sendEmail(~bob~0, ~rjh~0); {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L290 TraceCheckUtils]: 122: Hoare triple {29812#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L272 TraceCheckUtils]: 123: Hoare triple {29812#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L290 TraceCheckUtils]: 124: Hoare triple {29812#false} ~handle := #in~handle;~value := #in~value; {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L290 TraceCheckUtils]: 125: Hoare triple {29812#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L290 TraceCheckUtils]: 126: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {29812#false} {29812#false} #1645#return; {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L272 TraceCheckUtils]: 128: Hoare triple {29812#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L290 TraceCheckUtils]: 129: Hoare triple {29812#false} ~handle := #in~handle;~value := #in~value; {29812#false} is VALID [2022-02-20 18:01:07,518 INFO L290 TraceCheckUtils]: 130: Hoare triple {29812#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L290 TraceCheckUtils]: 131: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {29812#false} {29812#false} #1647#return; {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L290 TraceCheckUtils]: 133: Hoare triple {29812#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L290 TraceCheckUtils]: 134: Hoare triple {29812#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L272 TraceCheckUtils]: 135: Hoare triple {29812#false} call outgoing(~sender#1, ~email~0#1); {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L290 TraceCheckUtils]: 136: Hoare triple {29812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L290 TraceCheckUtils]: 137: Hoare triple {29812#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L272 TraceCheckUtils]: 138: Hoare triple {29812#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L290 TraceCheckUtils]: 139: Hoare triple {29812#false} ~handle := #in~handle;havoc ~retValue_acc~15; {29812#false} is VALID [2022-02-20 18:01:07,519 INFO L290 TraceCheckUtils]: 140: Hoare triple {29812#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L290 TraceCheckUtils]: 141: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {29812#false} {29812#false} #1589#return; {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L290 TraceCheckUtils]: 143: Hoare triple {29812#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L290 TraceCheckUtils]: 144: Hoare triple {29812#false} assume 0 == sign_~privkey~1#1; {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L290 TraceCheckUtils]: 145: Hoare triple {29812#false} assume { :end_inline_sign } true; {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L272 TraceCheckUtils]: 146: Hoare triple {29812#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L290 TraceCheckUtils]: 147: Hoare triple {29812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L290 TraceCheckUtils]: 148: Hoare triple {29812#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {29812#false} is VALID [2022-02-20 18:01:07,520 INFO L272 TraceCheckUtils]: 149: Hoare triple {29812#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L290 TraceCheckUtils]: 150: Hoare triple {29812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L290 TraceCheckUtils]: 151: Hoare triple {29812#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L272 TraceCheckUtils]: 152: Hoare triple {29812#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L290 TraceCheckUtils]: 153: Hoare triple {29812#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L290 TraceCheckUtils]: 154: Hoare triple {29812#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L290 TraceCheckUtils]: 155: Hoare triple {29812#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L272 TraceCheckUtils]: 156: Hoare triple {29812#false} call setEmailFrom(~msg#1, ~tmp~2#1); {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L290 TraceCheckUtils]: 157: Hoare triple {29812#false} ~handle := #in~handle;~value := #in~value; {29812#false} is VALID [2022-02-20 18:01:07,521 INFO L290 TraceCheckUtils]: 158: Hoare triple {29812#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L290 TraceCheckUtils]: 159: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {29812#false} {29812#false} #1657#return; {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L290 TraceCheckUtils]: 161: Hoare triple {29812#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L272 TraceCheckUtils]: 162: Hoare triple {29812#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L290 TraceCheckUtils]: 163: Hoare triple {29812#false} ~handle := #in~handle;havoc ~retValue_acc~33; {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L290 TraceCheckUtils]: 164: Hoare triple {29812#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L290 TraceCheckUtils]: 165: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {29812#false} {29812#false} #1659#return; {29812#false} is VALID [2022-02-20 18:01:07,522 INFO L290 TraceCheckUtils]: 167: Hoare triple {29812#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L290 TraceCheckUtils]: 168: Hoare triple {29812#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L272 TraceCheckUtils]: 169: Hoare triple {29812#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L290 TraceCheckUtils]: 170: Hoare triple {29812#false} ~handle := #in~handle;havoc ~retValue_acc~15; {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L290 TraceCheckUtils]: 171: Hoare triple {29812#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L290 TraceCheckUtils]: 172: Hoare triple {29812#false} assume true; {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {29812#false} {29812#false} #1661#return; {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L290 TraceCheckUtils]: 174: Hoare triple {29812#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L290 TraceCheckUtils]: 175: Hoare triple {29812#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {29812#false} is VALID [2022-02-20 18:01:07,523 INFO L290 TraceCheckUtils]: 176: Hoare triple {29812#false} assume !false; {29812#false} is VALID [2022-02-20 18:01:07,524 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 99 trivial. 0 not checked. [2022-02-20 18:01:07,524 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:07,524 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1393222811] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:07,524 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:07,524 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [12] total 18 [2022-02-20 18:01:07,524 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2012988791] [2022-02-20 18:01:07,525 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:07,525 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 17.0) internal successors, (102), 8 states have internal predecessors, (102), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 18:01:07,525 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:07,526 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 6 states have (on average 17.0) internal successors, (102), 8 states have internal predecessors, (102), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:01:07,640 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 153 edges. 153 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:07,640 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:01:07,641 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:07,641 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:01:07,641 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=267, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:01:07,642 INFO L87 Difference]: Start difference. First operand 684 states and 998 transitions. Second operand has 8 states, 6 states have (on average 17.0) internal successors, (102), 8 states have internal predecessors, (102), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:01:10,315 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:10,316 INFO L93 Difference]: Finished difference Result 1315 states and 1933 transitions. [2022-02-20 18:01:10,316 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:01:10,316 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 17.0) internal successors, (102), 8 states have internal predecessors, (102), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 18:01:10,316 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:10,316 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 17.0) internal successors, (102), 8 states have internal predecessors, (102), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:01:10,328 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1635 transitions. [2022-02-20 18:01:10,328 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 17.0) internal successors, (102), 8 states have internal predecessors, (102), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:01:10,340 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1635 transitions. [2022-02-20 18:01:10,340 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 1635 transitions. [2022-02-20 18:01:11,320 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1635 edges. 1635 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:11,341 INFO L225 Difference]: With dead ends: 1315 [2022-02-20 18:01:11,341 INFO L226 Difference]: Without dead ends: 686 [2022-02-20 18:01:11,343 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 231 GetRequests, 212 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=51, Invalid=369, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:01:11,343 INFO L933 BasicCegarLoop]: 837 mSDtfsCounter, 363 mSDsluCounter, 4613 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 44 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 365 SdHoareTripleChecker+Valid, 5450 SdHoareTripleChecker+Invalid, 119 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 44 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:11,343 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [365 Valid, 5450 Invalid, 119 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [44 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:01:11,344 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 686 states. [2022-02-20 18:01:11,449 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 686 to 686. [2022-02-20 18:01:11,450 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:11,451 INFO L82 GeneralOperation]: Start isEquivalent. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 534 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:01:11,452 INFO L74 IsIncluded]: Start isIncluded. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 534 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:01:11,453 INFO L87 Difference]: Start difference. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 534 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:01:11,489 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:11,489 INFO L93 Difference]: Finished difference Result 686 states and 1001 transitions. [2022-02-20 18:01:11,490 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:01:11,491 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:11,491 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:11,493 INFO L74 IsIncluded]: Start isIncluded. First operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 534 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) Second operand 686 states. [2022-02-20 18:01:11,494 INFO L87 Difference]: Start difference. First operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 534 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) Second operand 686 states. [2022-02-20 18:01:11,510 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:11,511 INFO L93 Difference]: Finished difference Result 686 states and 1001 transitions. [2022-02-20 18:01:11,511 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:01:11,512 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:11,512 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:11,512 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:11,513 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:11,514 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 534 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:01:11,537 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 686 states to 686 states and 1001 transitions. [2022-02-20 18:01:11,538 INFO L78 Accepts]: Start accepts. Automaton has 686 states and 1001 transitions. Word has length 177 [2022-02-20 18:01:11,538 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:11,538 INFO L470 AbstractCegarLoop]: Abstraction has 686 states and 1001 transitions. [2022-02-20 18:01:11,539 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 17.0) internal successors, (102), 8 states have internal predecessors, (102), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:01:11,539 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:01:11,541 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 179 [2022-02-20 18:01:11,541 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:11,541 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:11,560 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:11,760 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:11,760 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:11,761 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:11,761 INFO L85 PathProgramCache]: Analyzing trace with hash -1756071536, now seen corresponding path program 1 times [2022-02-20 18:01:11,761 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:11,761 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1821809868] [2022-02-20 18:01:11,761 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:11,762 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:11,801 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:01:11,873 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,875 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:11,876 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,876 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34586#true} {34586#true} #1731#return; {34586#true} is VALID [2022-02-20 18:01:11,876 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:01:11,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,882 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:11,882 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,882 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34586#true} {34586#true} #1733#return; {34586#true} is VALID [2022-02-20 18:01:11,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:01:11,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,900 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:11,900 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,900 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34586#true} {34586#true} #1735#return; {34586#true} is VALID [2022-02-20 18:01:11,901 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:11,902 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,904 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:11,904 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,904 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34586#true} {34586#true} #1737#return; {34586#true} is VALID [2022-02-20 18:01:11,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:01:11,906 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,907 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:11,907 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,908 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34586#true} {34586#true} #1739#return; {34586#true} is VALID [2022-02-20 18:01:11,908 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:01:11,909 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:11,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,911 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34586#true} {34586#true} #1741#return; {34586#true} is VALID [2022-02-20 18:01:11,911 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:01:11,912 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:11,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,914 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34586#true} {34586#true} #1743#return; {34586#true} is VALID [2022-02-20 18:01:11,914 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:11,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,917 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:11,918 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,918 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34586#true} {34586#true} #1745#return; {34586#true} is VALID [2022-02-20 18:01:11,926 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:01:11,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:11,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:11,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:11,949 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,949 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34586#true} #1729#return; {34586#true} is VALID [2022-02-20 18:01:11,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {34586#true} is VALID [2022-02-20 18:01:11,950 INFO L272 TraceCheckUtils]: 1: Hoare triple {34586#true} call setClientId(~bob___0, ~bob___0); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:11,950 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:11,950 INFO L290 TraceCheckUtils]: 3: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:11,951 INFO L290 TraceCheckUtils]: 4: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,951 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34586#true} {34586#true} #1729#return; {34586#true} is VALID [2022-02-20 18:01:11,951 INFO L290 TraceCheckUtils]: 6: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,951 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {34586#true} {34586#true} #1747#return; {34586#true} is VALID [2022-02-20 18:01:11,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:01:11,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,961 INFO L290 TraceCheckUtils]: 0: Hoare triple {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:11,961 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:11,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:11,962 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34586#true} #1749#return; {34586#true} is VALID [2022-02-20 18:01:11,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:11,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:11,985 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:11,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,020 INFO L290 TraceCheckUtils]: 1: Hoare triple {34687#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,020 INFO L290 TraceCheckUtils]: 2: Hoare triple {34687#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34688#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,021 INFO L290 TraceCheckUtils]: 3: Hoare triple {34688#(= 2 |setClientId_#in~handle|)} assume true; {34688#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,021 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34688#(= 2 |setClientId_#in~handle|)} {34680#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:12,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {34680#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:12,022 INFO L272 TraceCheckUtils]: 1: Hoare triple {34680#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:12,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,023 INFO L290 TraceCheckUtils]: 3: Hoare triple {34687#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,024 INFO L290 TraceCheckUtils]: 4: Hoare triple {34687#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34688#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,024 INFO L290 TraceCheckUtils]: 5: Hoare triple {34688#(= 2 |setClientId_#in~handle|)} assume true; {34688#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,024 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34688#(= 2 |setClientId_#in~handle|)} {34680#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:12,025 INFO L290 TraceCheckUtils]: 7: Hoare triple {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:12,025 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {34586#true} #1753#return; {34633#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:12,026 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:01:12,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,061 INFO L290 TraceCheckUtils]: 0: Hoare triple {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:12,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {34689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34690#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:12,062 INFO L290 TraceCheckUtils]: 2: Hoare triple {34690#(= |setClientPrivateKey_#in~handle| 1)} assume true; {34690#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:12,062 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34690#(= |setClientPrivateKey_#in~handle| 1)} {34633#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1755#return; {34587#false} is VALID [2022-02-20 18:01:12,063 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:01:12,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:12,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,070 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34586#true} #1623#return; {34586#true} is VALID [2022-02-20 18:01:12,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {34586#true} is VALID [2022-02-20 18:01:12,071 INFO L272 TraceCheckUtils]: 1: Hoare triple {34586#true} call setClientId(~chuck___0, ~chuck___0); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:12,071 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,072 INFO L290 TraceCheckUtils]: 3: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,072 INFO L290 TraceCheckUtils]: 4: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,072 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34586#true} {34586#true} #1623#return; {34586#true} is VALID [2022-02-20 18:01:12,072 INFO L290 TraceCheckUtils]: 6: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,072 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {34586#true} {34587#false} #1759#return; {34587#false} is VALID [2022-02-20 18:01:12,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:01:12,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,076 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,076 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34587#false} #1761#return; {34587#false} is VALID [2022-02-20 18:01:12,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:01:12,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {34695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,108 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34587#false} #1645#return; {34587#false} is VALID [2022-02-20 18:01:12,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:01:12,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,122 INFO L290 TraceCheckUtils]: 0: Hoare triple {34696#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,123 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,123 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,123 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34587#false} #1647#return; {34587#false} is VALID [2022-02-20 18:01:12,123 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2022-02-20 18:01:12,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,129 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} ~handle := #in~handle;havoc ~retValue_acc~15; {34586#true} is VALID [2022-02-20 18:01:12,129 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {34586#true} is VALID [2022-02-20 18:01:12,130 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,130 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34587#false} #1589#return; {34587#false} is VALID [2022-02-20 18:01:12,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 18:01:12,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,149 INFO L290 TraceCheckUtils]: 0: Hoare triple {34695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,150 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34587#false} #1657#return; {34587#false} is VALID [2022-02-20 18:01:12,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 18:01:12,151 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} ~handle := #in~handle;havoc ~retValue_acc~33; {34586#true} is VALID [2022-02-20 18:01:12,153 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {34586#true} is VALID [2022-02-20 18:01:12,153 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,153 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34587#false} #1659#return; {34587#false} is VALID [2022-02-20 18:01:12,153 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 170 [2022-02-20 18:01:12,154 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,155 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} ~handle := #in~handle;havoc ~retValue_acc~15; {34586#true} is VALID [2022-02-20 18:01:12,155 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {34586#true} is VALID [2022-02-20 18:01:12,156 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,156 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34586#true} {34587#false} #1661#return; {34587#false} is VALID [2022-02-20 18:01:12,156 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {34586#true} is VALID [2022-02-20 18:01:12,156 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {34586#true} is VALID [2022-02-20 18:01:12,156 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {34586#true} is VALID [2022-02-20 18:01:12,156 INFO L272 TraceCheckUtils]: 3: Hoare triple {34586#true} call select_features_#t~ret50#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:12,157 INFO L290 TraceCheckUtils]: 4: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:12,157 INFO L290 TraceCheckUtils]: 5: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,157 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34586#true} {34586#true} #1731#return; {34586#true} is VALID [2022-02-20 18:01:12,157 INFO L290 TraceCheckUtils]: 7: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {34586#true} is VALID [2022-02-20 18:01:12,157 INFO L272 TraceCheckUtils]: 8: Hoare triple {34586#true} call select_features_#t~ret51#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:12,157 INFO L290 TraceCheckUtils]: 9: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:12,157 INFO L290 TraceCheckUtils]: 10: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,157 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {34586#true} {34586#true} #1733#return; {34586#true} is VALID [2022-02-20 18:01:12,158 INFO L290 TraceCheckUtils]: 12: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {34586#true} is VALID [2022-02-20 18:01:12,158 INFO L272 TraceCheckUtils]: 13: Hoare triple {34586#true} call select_features_#t~ret52#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:12,158 INFO L290 TraceCheckUtils]: 14: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:12,158 INFO L290 TraceCheckUtils]: 15: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,158 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34586#true} {34586#true} #1735#return; {34586#true} is VALID [2022-02-20 18:01:12,158 INFO L290 TraceCheckUtils]: 17: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {34586#true} is VALID [2022-02-20 18:01:12,158 INFO L272 TraceCheckUtils]: 18: Hoare triple {34586#true} call select_features_#t~ret53#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:12,158 INFO L290 TraceCheckUtils]: 19: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:12,159 INFO L290 TraceCheckUtils]: 20: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,159 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34586#true} {34586#true} #1737#return; {34586#true} is VALID [2022-02-20 18:01:12,159 INFO L290 TraceCheckUtils]: 22: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {34586#true} is VALID [2022-02-20 18:01:12,159 INFO L272 TraceCheckUtils]: 23: Hoare triple {34586#true} call select_features_#t~ret54#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:12,159 INFO L290 TraceCheckUtils]: 24: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:12,159 INFO L290 TraceCheckUtils]: 25: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,159 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {34586#true} {34586#true} #1739#return; {34586#true} is VALID [2022-02-20 18:01:12,159 INFO L290 TraceCheckUtils]: 27: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {34586#true} is VALID [2022-02-20 18:01:12,160 INFO L272 TraceCheckUtils]: 28: Hoare triple {34586#true} call select_features_#t~ret55#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:12,160 INFO L290 TraceCheckUtils]: 29: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:12,160 INFO L290 TraceCheckUtils]: 30: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,160 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {34586#true} {34586#true} #1741#return; {34586#true} is VALID [2022-02-20 18:01:12,160 INFO L290 TraceCheckUtils]: 32: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {34586#true} is VALID [2022-02-20 18:01:12,160 INFO L272 TraceCheckUtils]: 33: Hoare triple {34586#true} call select_features_#t~ret56#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:12,160 INFO L290 TraceCheckUtils]: 34: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:12,161 INFO L290 TraceCheckUtils]: 35: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,161 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {34586#true} {34586#true} #1743#return; {34586#true} is VALID [2022-02-20 18:01:12,161 INFO L290 TraceCheckUtils]: 37: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {34586#true} is VALID [2022-02-20 18:01:12,161 INFO L272 TraceCheckUtils]: 38: Hoare triple {34586#true} call select_features_#t~ret57#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:12,161 INFO L290 TraceCheckUtils]: 39: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:12,161 INFO L290 TraceCheckUtils]: 40: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,161 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {34586#true} {34586#true} #1745#return; {34586#true} is VALID [2022-02-20 18:01:12,161 INFO L290 TraceCheckUtils]: 42: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {34586#true} is VALID [2022-02-20 18:01:12,162 INFO L290 TraceCheckUtils]: 43: Hoare triple {34586#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {34586#true} is VALID [2022-02-20 18:01:12,162 INFO L290 TraceCheckUtils]: 44: Hoare triple {34586#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {34586#true} is VALID [2022-02-20 18:01:12,162 INFO L290 TraceCheckUtils]: 45: Hoare triple {34586#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {34586#true} is VALID [2022-02-20 18:01:12,162 INFO L290 TraceCheckUtils]: 46: Hoare triple {34586#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {34586#true} is VALID [2022-02-20 18:01:12,162 INFO L290 TraceCheckUtils]: 47: Hoare triple {34586#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {34586#true} is VALID [2022-02-20 18:01:12,162 INFO L290 TraceCheckUtils]: 48: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {34586#true} is VALID [2022-02-20 18:01:12,162 INFO L290 TraceCheckUtils]: 49: Hoare triple {34586#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {34586#true} is VALID [2022-02-20 18:01:12,162 INFO L290 TraceCheckUtils]: 50: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {34586#true} is VALID [2022-02-20 18:01:12,163 INFO L290 TraceCheckUtils]: 51: Hoare triple {34586#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {34586#true} is VALID [2022-02-20 18:01:12,163 INFO L290 TraceCheckUtils]: 52: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {34586#true} is VALID [2022-02-20 18:01:12,163 INFO L290 TraceCheckUtils]: 53: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {34586#true} is VALID [2022-02-20 18:01:12,163 INFO L290 TraceCheckUtils]: 54: Hoare triple {34586#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {34586#true} is VALID [2022-02-20 18:01:12,163 INFO L290 TraceCheckUtils]: 55: Hoare triple {34586#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {34586#true} is VALID [2022-02-20 18:01:12,163 INFO L290 TraceCheckUtils]: 56: Hoare triple {34586#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34586#true} is VALID [2022-02-20 18:01:12,163 INFO L290 TraceCheckUtils]: 57: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {34586#true} is VALID [2022-02-20 18:01:12,164 INFO L272 TraceCheckUtils]: 58: Hoare triple {34586#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:12,164 INFO L290 TraceCheckUtils]: 59: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {34586#true} is VALID [2022-02-20 18:01:12,165 INFO L272 TraceCheckUtils]: 60: Hoare triple {34586#true} call setClientId(~bob___0, ~bob___0); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:12,165 INFO L290 TraceCheckUtils]: 61: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,165 INFO L290 TraceCheckUtils]: 62: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,165 INFO L290 TraceCheckUtils]: 63: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,166 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {34586#true} {34586#true} #1729#return; {34586#true} is VALID [2022-02-20 18:01:12,166 INFO L290 TraceCheckUtils]: 65: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,166 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {34586#true} {34586#true} #1747#return; {34586#true} is VALID [2022-02-20 18:01:12,167 INFO L272 TraceCheckUtils]: 67: Hoare triple {34586#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:12,167 INFO L290 TraceCheckUtils]: 68: Hoare triple {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,167 INFO L290 TraceCheckUtils]: 69: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,167 INFO L290 TraceCheckUtils]: 70: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,167 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {34586#true} {34586#true} #1749#return; {34586#true} is VALID [2022-02-20 18:01:12,167 INFO L290 TraceCheckUtils]: 72: Hoare triple {34586#true} assume { :end_inline_setup_bob__role__Keys } true; {34586#true} is VALID [2022-02-20 18:01:12,168 INFO L290 TraceCheckUtils]: 73: Hoare triple {34586#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {34586#true} is VALID [2022-02-20 18:01:12,168 INFO L290 TraceCheckUtils]: 74: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {34586#true} is VALID [2022-02-20 18:01:12,174 INFO L272 TraceCheckUtils]: 75: Hoare triple {34586#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:12,175 INFO L290 TraceCheckUtils]: 76: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {34680#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:12,176 INFO L272 TraceCheckUtils]: 77: Hoare triple {34680#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:12,176 INFO L290 TraceCheckUtils]: 78: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,177 INFO L290 TraceCheckUtils]: 79: Hoare triple {34687#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,177 INFO L290 TraceCheckUtils]: 80: Hoare triple {34687#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34688#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,178 INFO L290 TraceCheckUtils]: 81: Hoare triple {34688#(= 2 |setClientId_#in~handle|)} assume true; {34688#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:12,178 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34688#(= 2 |setClientId_#in~handle|)} {34680#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1681#return; {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:12,179 INFO L290 TraceCheckUtils]: 83: Hoare triple {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:01:12,179 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {34686#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {34586#true} #1753#return; {34633#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:12,180 INFO L272 TraceCheckUtils]: 85: Hoare triple {34633#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:12,181 INFO L290 TraceCheckUtils]: 86: Hoare triple {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:12,181 INFO L290 TraceCheckUtils]: 87: Hoare triple {34689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34690#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:12,182 INFO L290 TraceCheckUtils]: 88: Hoare triple {34690#(= |setClientPrivateKey_#in~handle| 1)} assume true; {34690#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:12,182 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {34690#(= |setClientPrivateKey_#in~handle| 1)} {34633#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1755#return; {34587#false} is VALID [2022-02-20 18:01:12,182 INFO L290 TraceCheckUtils]: 90: Hoare triple {34587#false} assume { :end_inline_setup_rjh__role__Keys } true; {34587#false} is VALID [2022-02-20 18:01:12,182 INFO L290 TraceCheckUtils]: 91: Hoare triple {34587#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34587#false} is VALID [2022-02-20 18:01:12,183 INFO L290 TraceCheckUtils]: 92: Hoare triple {34587#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {34587#false} is VALID [2022-02-20 18:01:12,183 INFO L272 TraceCheckUtils]: 93: Hoare triple {34587#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:12,183 INFO L290 TraceCheckUtils]: 94: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {34586#true} is VALID [2022-02-20 18:01:12,184 INFO L272 TraceCheckUtils]: 95: Hoare triple {34586#true} call setClientId(~chuck___0, ~chuck___0); {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:12,184 INFO L290 TraceCheckUtils]: 96: Hoare triple {34674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,184 INFO L290 TraceCheckUtils]: 97: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,184 INFO L290 TraceCheckUtils]: 98: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,184 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34586#true} {34586#true} #1623#return; {34586#true} is VALID [2022-02-20 18:01:12,184 INFO L290 TraceCheckUtils]: 100: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,185 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {34586#true} {34587#false} #1759#return; {34587#false} is VALID [2022-02-20 18:01:12,185 INFO L272 TraceCheckUtils]: 102: Hoare triple {34587#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:12,185 INFO L290 TraceCheckUtils]: 103: Hoare triple {34679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,199 INFO L290 TraceCheckUtils]: 104: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,199 INFO L290 TraceCheckUtils]: 105: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,200 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34586#true} {34587#false} #1761#return; {34587#false} is VALID [2022-02-20 18:01:12,200 INFO L290 TraceCheckUtils]: 107: Hoare triple {34587#false} assume { :end_inline_setup_chuck__role__Keys } true; {34587#false} is VALID [2022-02-20 18:01:12,200 INFO L290 TraceCheckUtils]: 108: Hoare triple {34587#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {34587#false} is VALID [2022-02-20 18:01:12,200 INFO L290 TraceCheckUtils]: 109: Hoare triple {34587#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34587#false} is VALID [2022-02-20 18:01:12,200 INFO L290 TraceCheckUtils]: 110: Hoare triple {34587#false} assume !false; {34587#false} is VALID [2022-02-20 18:01:12,200 INFO L290 TraceCheckUtils]: 111: Hoare triple {34587#false} assume test_~splverifierCounter~0#1 < 4; {34587#false} is VALID [2022-02-20 18:01:12,201 INFO L290 TraceCheckUtils]: 112: Hoare triple {34587#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34587#false} is VALID [2022-02-20 18:01:12,201 INFO L290 TraceCheckUtils]: 113: Hoare triple {34587#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {34587#false} is VALID [2022-02-20 18:01:12,201 INFO L290 TraceCheckUtils]: 114: Hoare triple {34587#false} assume !(0 != test_~tmp___9~0#1); {34587#false} is VALID [2022-02-20 18:01:12,201 INFO L290 TraceCheckUtils]: 115: Hoare triple {34587#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {34587#false} is VALID [2022-02-20 18:01:12,201 INFO L290 TraceCheckUtils]: 116: Hoare triple {34587#false} assume 0 != test_~tmp___8~0#1; {34587#false} is VALID [2022-02-20 18:01:12,201 INFO L290 TraceCheckUtils]: 117: Hoare triple {34587#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {34587#false} is VALID [2022-02-20 18:01:12,201 INFO L290 TraceCheckUtils]: 118: Hoare triple {34587#false} test_~op2~0#1 := 1; {34587#false} is VALID [2022-02-20 18:01:12,202 INFO L290 TraceCheckUtils]: 119: Hoare triple {34587#false} assume !false; {34587#false} is VALID [2022-02-20 18:01:12,202 INFO L290 TraceCheckUtils]: 120: Hoare triple {34587#false} assume !(test_~splverifierCounter~0#1 < 4); {34587#false} is VALID [2022-02-20 18:01:12,202 INFO L290 TraceCheckUtils]: 121: Hoare triple {34587#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {34587#false} is VALID [2022-02-20 18:01:12,202 INFO L272 TraceCheckUtils]: 122: Hoare triple {34587#false} call sendEmail(~bob~0, ~rjh~0); {34587#false} is VALID [2022-02-20 18:01:12,202 INFO L290 TraceCheckUtils]: 123: Hoare triple {34587#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34587#false} is VALID [2022-02-20 18:01:12,202 INFO L272 TraceCheckUtils]: 124: Hoare triple {34587#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:12,203 INFO L290 TraceCheckUtils]: 125: Hoare triple {34695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,203 INFO L290 TraceCheckUtils]: 126: Hoare triple {34586#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,203 INFO L290 TraceCheckUtils]: 127: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,203 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {34586#true} {34587#false} #1645#return; {34587#false} is VALID [2022-02-20 18:01:12,203 INFO L272 TraceCheckUtils]: 129: Hoare triple {34587#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34696#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:12,203 INFO L290 TraceCheckUtils]: 130: Hoare triple {34696#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,204 INFO L290 TraceCheckUtils]: 131: Hoare triple {34586#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,204 INFO L290 TraceCheckUtils]: 132: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,204 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {34586#true} {34587#false} #1647#return; {34587#false} is VALID [2022-02-20 18:01:12,204 INFO L290 TraceCheckUtils]: 134: Hoare triple {34587#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {34587#false} is VALID [2022-02-20 18:01:12,204 INFO L290 TraceCheckUtils]: 135: Hoare triple {34587#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {34587#false} is VALID [2022-02-20 18:01:12,204 INFO L272 TraceCheckUtils]: 136: Hoare triple {34587#false} call outgoing(~sender#1, ~email~0#1); {34587#false} is VALID [2022-02-20 18:01:12,205 INFO L290 TraceCheckUtils]: 137: Hoare triple {34587#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34587#false} is VALID [2022-02-20 18:01:12,205 INFO L290 TraceCheckUtils]: 138: Hoare triple {34587#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {34587#false} is VALID [2022-02-20 18:01:12,205 INFO L272 TraceCheckUtils]: 139: Hoare triple {34587#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {34586#true} is VALID [2022-02-20 18:01:12,205 INFO L290 TraceCheckUtils]: 140: Hoare triple {34586#true} ~handle := #in~handle;havoc ~retValue_acc~15; {34586#true} is VALID [2022-02-20 18:01:12,205 INFO L290 TraceCheckUtils]: 141: Hoare triple {34586#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {34586#true} is VALID [2022-02-20 18:01:12,205 INFO L290 TraceCheckUtils]: 142: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,205 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {34586#true} {34587#false} #1589#return; {34587#false} is VALID [2022-02-20 18:01:12,206 INFO L290 TraceCheckUtils]: 144: Hoare triple {34587#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {34587#false} is VALID [2022-02-20 18:01:12,206 INFO L290 TraceCheckUtils]: 145: Hoare triple {34587#false} assume 0 == sign_~privkey~1#1; {34587#false} is VALID [2022-02-20 18:01:12,206 INFO L290 TraceCheckUtils]: 146: Hoare triple {34587#false} assume { :end_inline_sign } true; {34587#false} is VALID [2022-02-20 18:01:12,206 INFO L272 TraceCheckUtils]: 147: Hoare triple {34587#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {34587#false} is VALID [2022-02-20 18:01:12,206 INFO L290 TraceCheckUtils]: 148: Hoare triple {34587#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34587#false} is VALID [2022-02-20 18:01:12,206 INFO L290 TraceCheckUtils]: 149: Hoare triple {34587#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {34587#false} is VALID [2022-02-20 18:01:12,206 INFO L272 TraceCheckUtils]: 150: Hoare triple {34587#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {34587#false} is VALID [2022-02-20 18:01:12,206 INFO L290 TraceCheckUtils]: 151: Hoare triple {34587#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34587#false} is VALID [2022-02-20 18:01:12,207 INFO L290 TraceCheckUtils]: 152: Hoare triple {34587#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {34587#false} is VALID [2022-02-20 18:01:12,207 INFO L272 TraceCheckUtils]: 153: Hoare triple {34587#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {34587#false} is VALID [2022-02-20 18:01:12,207 INFO L290 TraceCheckUtils]: 154: Hoare triple {34587#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {34587#false} is VALID [2022-02-20 18:01:12,207 INFO L290 TraceCheckUtils]: 155: Hoare triple {34587#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {34587#false} is VALID [2022-02-20 18:01:12,207 INFO L290 TraceCheckUtils]: 156: Hoare triple {34587#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {34587#false} is VALID [2022-02-20 18:01:12,207 INFO L272 TraceCheckUtils]: 157: Hoare triple {34587#false} call setEmailFrom(~msg#1, ~tmp~2#1); {34695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:12,207 INFO L290 TraceCheckUtils]: 158: Hoare triple {34695#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:12,207 INFO L290 TraceCheckUtils]: 159: Hoare triple {34586#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:12,208 INFO L290 TraceCheckUtils]: 160: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,208 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {34586#true} {34587#false} #1657#return; {34587#false} is VALID [2022-02-20 18:01:12,208 INFO L290 TraceCheckUtils]: 162: Hoare triple {34587#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {34587#false} is VALID [2022-02-20 18:01:12,208 INFO L272 TraceCheckUtils]: 163: Hoare triple {34587#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {34586#true} is VALID [2022-02-20 18:01:12,208 INFO L290 TraceCheckUtils]: 164: Hoare triple {34586#true} ~handle := #in~handle;havoc ~retValue_acc~33; {34586#true} is VALID [2022-02-20 18:01:12,208 INFO L290 TraceCheckUtils]: 165: Hoare triple {34586#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {34586#true} is VALID [2022-02-20 18:01:12,208 INFO L290 TraceCheckUtils]: 166: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,208 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {34586#true} {34587#false} #1659#return; {34587#false} is VALID [2022-02-20 18:01:12,209 INFO L290 TraceCheckUtils]: 168: Hoare triple {34587#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {34587#false} is VALID [2022-02-20 18:01:12,209 INFO L290 TraceCheckUtils]: 169: Hoare triple {34587#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {34587#false} is VALID [2022-02-20 18:01:12,209 INFO L272 TraceCheckUtils]: 170: Hoare triple {34587#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {34586#true} is VALID [2022-02-20 18:01:12,209 INFO L290 TraceCheckUtils]: 171: Hoare triple {34586#true} ~handle := #in~handle;havoc ~retValue_acc~15; {34586#true} is VALID [2022-02-20 18:01:12,209 INFO L290 TraceCheckUtils]: 172: Hoare triple {34586#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {34586#true} is VALID [2022-02-20 18:01:12,209 INFO L290 TraceCheckUtils]: 173: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:12,209 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {34586#true} {34587#false} #1661#return; {34587#false} is VALID [2022-02-20 18:01:12,209 INFO L290 TraceCheckUtils]: 175: Hoare triple {34587#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {34587#false} is VALID [2022-02-20 18:01:12,210 INFO L290 TraceCheckUtils]: 176: Hoare triple {34587#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {34587#false} is VALID [2022-02-20 18:01:12,210 INFO L290 TraceCheckUtils]: 177: Hoare triple {34587#false} assume !false; {34587#false} is VALID [2022-02-20 18:01:12,210 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2022-02-20 18:01:12,210 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:12,210 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1821809868] [2022-02-20 18:01:12,211 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1821809868] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:12,211 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1590882370] [2022-02-20 18:01:12,211 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:12,211 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:12,211 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:12,225 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:12,240 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:01:12,558 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,563 INFO L263 TraceCheckSpWp]: Trace formula consists of 1444 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:01:12,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:12,675 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:13,217 INFO L290 TraceCheckUtils]: 0: Hoare triple {34586#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {34586#true} is VALID [2022-02-20 18:01:13,218 INFO L290 TraceCheckUtils]: 1: Hoare triple {34586#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {34586#true} is VALID [2022-02-20 18:01:13,218 INFO L290 TraceCheckUtils]: 2: Hoare triple {34586#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {34586#true} is VALID [2022-02-20 18:01:13,218 INFO L272 TraceCheckUtils]: 3: Hoare triple {34586#true} call select_features_#t~ret50#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:13,218 INFO L290 TraceCheckUtils]: 4: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:13,218 INFO L290 TraceCheckUtils]: 5: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,218 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34586#true} {34586#true} #1731#return; {34586#true} is VALID [2022-02-20 18:01:13,218 INFO L290 TraceCheckUtils]: 7: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {34586#true} is VALID [2022-02-20 18:01:13,218 INFO L272 TraceCheckUtils]: 8: Hoare triple {34586#true} call select_features_#t~ret51#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L290 TraceCheckUtils]: 9: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L290 TraceCheckUtils]: 10: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {34586#true} {34586#true} #1733#return; {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L290 TraceCheckUtils]: 12: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L272 TraceCheckUtils]: 13: Hoare triple {34586#true} call select_features_#t~ret52#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L290 TraceCheckUtils]: 14: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L290 TraceCheckUtils]: 15: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34586#true} {34586#true} #1735#return; {34586#true} is VALID [2022-02-20 18:01:13,219 INFO L290 TraceCheckUtils]: 17: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L272 TraceCheckUtils]: 18: Hoare triple {34586#true} call select_features_#t~ret53#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L290 TraceCheckUtils]: 19: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L290 TraceCheckUtils]: 20: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34586#true} {34586#true} #1737#return; {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L290 TraceCheckUtils]: 22: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L272 TraceCheckUtils]: 23: Hoare triple {34586#true} call select_features_#t~ret54#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L290 TraceCheckUtils]: 24: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L290 TraceCheckUtils]: 25: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {34586#true} {34586#true} #1739#return; {34586#true} is VALID [2022-02-20 18:01:13,220 INFO L290 TraceCheckUtils]: 27: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L272 TraceCheckUtils]: 28: Hoare triple {34586#true} call select_features_#t~ret55#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L290 TraceCheckUtils]: 29: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L290 TraceCheckUtils]: 30: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {34586#true} {34586#true} #1741#return; {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L290 TraceCheckUtils]: 32: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L272 TraceCheckUtils]: 33: Hoare triple {34586#true} call select_features_#t~ret56#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L290 TraceCheckUtils]: 34: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L290 TraceCheckUtils]: 35: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,221 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {34586#true} {34586#true} #1743#return; {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L290 TraceCheckUtils]: 37: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L272 TraceCheckUtils]: 38: Hoare triple {34586#true} call select_features_#t~ret57#1 := select_one(); {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L290 TraceCheckUtils]: 39: Hoare triple {34586#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L290 TraceCheckUtils]: 40: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {34586#true} {34586#true} #1745#return; {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L290 TraceCheckUtils]: 42: Hoare triple {34586#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L290 TraceCheckUtils]: 43: Hoare triple {34586#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L290 TraceCheckUtils]: 44: Hoare triple {34586#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {34586#true} is VALID [2022-02-20 18:01:13,222 INFO L290 TraceCheckUtils]: 45: Hoare triple {34586#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 46: Hoare triple {34586#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 47: Hoare triple {34586#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 48: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 49: Hoare triple {34586#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 50: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 51: Hoare triple {34586#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 52: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 53: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 54: Hoare triple {34586#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {34586#true} is VALID [2022-02-20 18:01:13,223 INFO L290 TraceCheckUtils]: 55: Hoare triple {34586#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {34586#true} is VALID [2022-02-20 18:01:13,224 INFO L290 TraceCheckUtils]: 56: Hoare triple {34586#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34586#true} is VALID [2022-02-20 18:01:13,250 INFO L290 TraceCheckUtils]: 57: Hoare triple {34586#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {34586#true} is VALID [2022-02-20 18:01:13,250 INFO L272 TraceCheckUtils]: 58: Hoare triple {34586#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {34586#true} is VALID [2022-02-20 18:01:13,250 INFO L290 TraceCheckUtils]: 59: Hoare triple {34586#true} ~bob___0 := #in~bob___0; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L272 TraceCheckUtils]: 60: Hoare triple {34586#true} call setClientId(~bob___0, ~bob___0); {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L290 TraceCheckUtils]: 61: Hoare triple {34586#true} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L290 TraceCheckUtils]: 62: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L290 TraceCheckUtils]: 63: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {34586#true} {34586#true} #1729#return; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L290 TraceCheckUtils]: 65: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {34586#true} {34586#true} #1747#return; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L272 TraceCheckUtils]: 67: Hoare triple {34586#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L290 TraceCheckUtils]: 68: Hoare triple {34586#true} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L290 TraceCheckUtils]: 69: Hoare triple {34586#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L290 TraceCheckUtils]: 70: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {34586#true} {34586#true} #1749#return; {34586#true} is VALID [2022-02-20 18:01:13,251 INFO L290 TraceCheckUtils]: 72: Hoare triple {34586#true} assume { :end_inline_setup_bob__role__Keys } true; {34586#true} is VALID [2022-02-20 18:01:13,252 INFO L290 TraceCheckUtils]: 73: Hoare triple {34586#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {34919#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:13,252 INFO L290 TraceCheckUtils]: 74: Hoare triple {34919#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {34923#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:01:13,252 INFO L272 TraceCheckUtils]: 75: Hoare triple {34923#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {34586#true} is VALID [2022-02-20 18:01:13,252 INFO L290 TraceCheckUtils]: 76: Hoare triple {34586#true} ~rjh___0 := #in~rjh___0; {34586#true} is VALID [2022-02-20 18:01:13,253 INFO L272 TraceCheckUtils]: 77: Hoare triple {34586#true} call setClientId(~rjh___0, ~rjh___0); {34586#true} is VALID [2022-02-20 18:01:13,253 INFO L290 TraceCheckUtils]: 78: Hoare triple {34586#true} ~handle := #in~handle;~value := #in~value; {34586#true} is VALID [2022-02-20 18:01:13,253 INFO L290 TraceCheckUtils]: 79: Hoare triple {34586#true} assume !(1 == ~handle); {34586#true} is VALID [2022-02-20 18:01:13,253 INFO L290 TraceCheckUtils]: 80: Hoare triple {34586#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34586#true} is VALID [2022-02-20 18:01:13,253 INFO L290 TraceCheckUtils]: 81: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,253 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34586#true} {34586#true} #1681#return; {34586#true} is VALID [2022-02-20 18:01:13,253 INFO L290 TraceCheckUtils]: 83: Hoare triple {34586#true} assume true; {34586#true} is VALID [2022-02-20 18:01:13,253 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {34586#true} {34923#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1753#return; {34923#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:01:13,253 INFO L272 TraceCheckUtils]: 85: Hoare triple {34923#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {34586#true} is VALID [2022-02-20 18:01:13,254 INFO L290 TraceCheckUtils]: 86: Hoare triple {34586#true} ~handle := #in~handle;~value := #in~value; {34960#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:01:13,254 INFO L290 TraceCheckUtils]: 87: Hoare triple {34960#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34964#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:13,255 INFO L290 TraceCheckUtils]: 88: Hoare triple {34964#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {34964#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:13,255 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {34964#(<= |setClientPrivateKey_#in~handle| 1)} {34923#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1755#return; {34587#false} is VALID [2022-02-20 18:01:13,255 INFO L290 TraceCheckUtils]: 90: Hoare triple {34587#false} assume { :end_inline_setup_rjh__role__Keys } true; {34587#false} is VALID [2022-02-20 18:01:13,255 INFO L290 TraceCheckUtils]: 91: Hoare triple {34587#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34587#false} is VALID [2022-02-20 18:01:13,255 INFO L290 TraceCheckUtils]: 92: Hoare triple {34587#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {34587#false} is VALID [2022-02-20 18:01:13,255 INFO L272 TraceCheckUtils]: 93: Hoare triple {34587#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {34587#false} is VALID [2022-02-20 18:01:13,255 INFO L290 TraceCheckUtils]: 94: Hoare triple {34587#false} ~chuck___0 := #in~chuck___0; {34587#false} is VALID [2022-02-20 18:01:13,255 INFO L272 TraceCheckUtils]: 95: Hoare triple {34587#false} call setClientId(~chuck___0, ~chuck___0); {34587#false} is VALID [2022-02-20 18:01:13,255 INFO L290 TraceCheckUtils]: 96: Hoare triple {34587#false} ~handle := #in~handle;~value := #in~value; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 97: Hoare triple {34587#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 98: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34587#false} {34587#false} #1623#return; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 100: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {34587#false} {34587#false} #1759#return; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L272 TraceCheckUtils]: 102: Hoare triple {34587#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 103: Hoare triple {34587#false} ~handle := #in~handle;~value := #in~value; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 104: Hoare triple {34587#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 105: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34587#false} {34587#false} #1761#return; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 107: Hoare triple {34587#false} assume { :end_inline_setup_chuck__role__Keys } true; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 108: Hoare triple {34587#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {34587#false} is VALID [2022-02-20 18:01:13,256 INFO L290 TraceCheckUtils]: 109: Hoare triple {34587#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34587#false} is VALID [2022-02-20 18:01:13,259 INFO L290 TraceCheckUtils]: 110: Hoare triple {34587#false} assume !false; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 111: Hoare triple {34587#false} assume test_~splverifierCounter~0#1 < 4; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 112: Hoare triple {34587#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 113: Hoare triple {34587#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 114: Hoare triple {34587#false} assume !(0 != test_~tmp___9~0#1); {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 115: Hoare triple {34587#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 116: Hoare triple {34587#false} assume 0 != test_~tmp___8~0#1; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 117: Hoare triple {34587#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 118: Hoare triple {34587#false} test_~op2~0#1 := 1; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 119: Hoare triple {34587#false} assume !false; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 120: Hoare triple {34587#false} assume !(test_~splverifierCounter~0#1 < 4); {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L290 TraceCheckUtils]: 121: Hoare triple {34587#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {34587#false} is VALID [2022-02-20 18:01:13,260 INFO L272 TraceCheckUtils]: 122: Hoare triple {34587#false} call sendEmail(~bob~0, ~rjh~0); {34587#false} is VALID [2022-02-20 18:01:13,264 INFO L290 TraceCheckUtils]: 123: Hoare triple {34587#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34587#false} is VALID [2022-02-20 18:01:13,264 INFO L272 TraceCheckUtils]: 124: Hoare triple {34587#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34587#false} is VALID [2022-02-20 18:01:13,264 INFO L290 TraceCheckUtils]: 125: Hoare triple {34587#false} ~handle := #in~handle;~value := #in~value; {34587#false} is VALID [2022-02-20 18:01:13,264 INFO L290 TraceCheckUtils]: 126: Hoare triple {34587#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L290 TraceCheckUtils]: 127: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {34587#false} {34587#false} #1645#return; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L272 TraceCheckUtils]: 129: Hoare triple {34587#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L290 TraceCheckUtils]: 130: Hoare triple {34587#false} ~handle := #in~handle;~value := #in~value; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L290 TraceCheckUtils]: 131: Hoare triple {34587#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L290 TraceCheckUtils]: 132: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {34587#false} {34587#false} #1647#return; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L290 TraceCheckUtils]: 134: Hoare triple {34587#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L290 TraceCheckUtils]: 135: Hoare triple {34587#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L272 TraceCheckUtils]: 136: Hoare triple {34587#false} call outgoing(~sender#1, ~email~0#1); {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L290 TraceCheckUtils]: 137: Hoare triple {34587#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L290 TraceCheckUtils]: 138: Hoare triple {34587#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {34587#false} is VALID [2022-02-20 18:01:13,265 INFO L272 TraceCheckUtils]: 139: Hoare triple {34587#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L290 TraceCheckUtils]: 140: Hoare triple {34587#false} ~handle := #in~handle;havoc ~retValue_acc~15; {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L290 TraceCheckUtils]: 141: Hoare triple {34587#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L290 TraceCheckUtils]: 142: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {34587#false} {34587#false} #1589#return; {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L290 TraceCheckUtils]: 144: Hoare triple {34587#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L290 TraceCheckUtils]: 145: Hoare triple {34587#false} assume 0 == sign_~privkey~1#1; {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L290 TraceCheckUtils]: 146: Hoare triple {34587#false} assume { :end_inline_sign } true; {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L272 TraceCheckUtils]: 147: Hoare triple {34587#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L290 TraceCheckUtils]: 148: Hoare triple {34587#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34587#false} is VALID [2022-02-20 18:01:13,266 INFO L290 TraceCheckUtils]: 149: Hoare triple {34587#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L272 TraceCheckUtils]: 150: Hoare triple {34587#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L290 TraceCheckUtils]: 151: Hoare triple {34587#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L290 TraceCheckUtils]: 152: Hoare triple {34587#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L272 TraceCheckUtils]: 153: Hoare triple {34587#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L290 TraceCheckUtils]: 154: Hoare triple {34587#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L290 TraceCheckUtils]: 155: Hoare triple {34587#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L290 TraceCheckUtils]: 156: Hoare triple {34587#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L272 TraceCheckUtils]: 157: Hoare triple {34587#false} call setEmailFrom(~msg#1, ~tmp~2#1); {34587#false} is VALID [2022-02-20 18:01:13,267 INFO L290 TraceCheckUtils]: 158: Hoare triple {34587#false} ~handle := #in~handle;~value := #in~value; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L290 TraceCheckUtils]: 159: Hoare triple {34587#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L290 TraceCheckUtils]: 160: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {34587#false} {34587#false} #1657#return; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L290 TraceCheckUtils]: 162: Hoare triple {34587#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L272 TraceCheckUtils]: 163: Hoare triple {34587#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L290 TraceCheckUtils]: 164: Hoare triple {34587#false} ~handle := #in~handle;havoc ~retValue_acc~33; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L290 TraceCheckUtils]: 165: Hoare triple {34587#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L290 TraceCheckUtils]: 166: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {34587#false} {34587#false} #1659#return; {34587#false} is VALID [2022-02-20 18:01:13,268 INFO L290 TraceCheckUtils]: 168: Hoare triple {34587#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L290 TraceCheckUtils]: 169: Hoare triple {34587#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L272 TraceCheckUtils]: 170: Hoare triple {34587#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L290 TraceCheckUtils]: 171: Hoare triple {34587#false} ~handle := #in~handle;havoc ~retValue_acc~15; {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L290 TraceCheckUtils]: 172: Hoare triple {34587#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L290 TraceCheckUtils]: 173: Hoare triple {34587#false} assume true; {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {34587#false} {34587#false} #1661#return; {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L290 TraceCheckUtils]: 175: Hoare triple {34587#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L290 TraceCheckUtils]: 176: Hoare triple {34587#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {34587#false} is VALID [2022-02-20 18:01:13,269 INFO L290 TraceCheckUtils]: 177: Hoare triple {34587#false} assume !false; {34587#false} is VALID [2022-02-20 18:01:13,270 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 99 trivial. 0 not checked. [2022-02-20 18:01:13,270 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:13,270 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1590882370] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:13,270 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:13,270 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [13] total 17 [2022-02-20 18:01:13,270 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [719509863] [2022-02-20 18:01:13,271 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:13,271 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 20.8) internal successors, (104), 6 states have internal predecessors, (104), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) Word has length 178 [2022-02-20 18:01:13,272 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:13,272 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 20.8) internal successors, (104), 6 states have internal predecessors, (104), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:01:13,418 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 155 edges. 155 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:13,419 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:01:13,419 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:13,419 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:01:13,419 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=238, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:01:13,420 INFO L87 Difference]: Start difference. First operand 686 states and 1001 transitions. Second operand has 6 states, 5 states have (on average 20.8) internal successors, (104), 6 states have internal predecessors, (104), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:01:15,705 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:15,705 INFO L93 Difference]: Finished difference Result 1316 states and 1937 transitions. [2022-02-20 18:01:15,705 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:01:15,706 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 20.8) internal successors, (104), 6 states have internal predecessors, (104), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) Word has length 178 [2022-02-20 18:01:15,706 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:15,706 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 20.8) internal successors, (104), 6 states have internal predecessors, (104), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:01:15,717 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1633 transitions. [2022-02-20 18:01:15,718 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 20.8) internal successors, (104), 6 states have internal predecessors, (104), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:01:15,735 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1633 transitions. [2022-02-20 18:01:15,737 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 1633 transitions. [2022-02-20 18:01:17,006 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1633 edges. 1633 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:17,121 INFO L225 Difference]: With dead ends: 1316 [2022-02-20 18:01:17,121 INFO L226 Difference]: Without dead ends: 688 [2022-02-20 18:01:17,123 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 231 GetRequests, 214 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=43, Invalid=299, Unknown=0, NotChecked=0, Total=342 [2022-02-20 18:01:17,125 INFO L933 BasicCegarLoop]: 836 mSDtfsCounter, 361 mSDsluCounter, 2940 mSDsCounter, 0 mSdLazyCounter, 56 mSolverCounterSat, 47 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 361 SdHoareTripleChecker+Valid, 3776 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 47 IncrementalHoareTripleChecker+Valid, 56 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:17,126 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [361 Valid, 3776 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [47 Valid, 56 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:01:17,127 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 688 states. [2022-02-20 18:01:17,304 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 688 to 688. [2022-02-20 18:01:17,304 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:17,320 INFO L82 GeneralOperation]: Start isEquivalent. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 536 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:01:17,321 INFO L74 IsIncluded]: Start isIncluded. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 536 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:01:17,322 INFO L87 Difference]: Start difference. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 536 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:01:17,376 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:17,376 INFO L93 Difference]: Finished difference Result 688 states and 1007 transitions. [2022-02-20 18:01:17,377 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:01:17,379 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:17,379 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:17,380 INFO L74 IsIncluded]: Start isIncluded. First operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 536 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) Second operand 688 states. [2022-02-20 18:01:17,381 INFO L87 Difference]: Start difference. First operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 536 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) Second operand 688 states. [2022-02-20 18:01:17,409 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:17,409 INFO L93 Difference]: Finished difference Result 688 states and 1007 transitions. [2022-02-20 18:01:17,409 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:01:17,411 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:17,419 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:17,419 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:17,419 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:17,421 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 536 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:01:17,473 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 688 states to 688 states and 1007 transitions. [2022-02-20 18:01:17,474 INFO L78 Accepts]: Start accepts. Automaton has 688 states and 1007 transitions. Word has length 178 [2022-02-20 18:01:17,474 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:17,474 INFO L470 AbstractCegarLoop]: Abstraction has 688 states and 1007 transitions. [2022-02-20 18:01:17,475 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 20.8) internal successors, (104), 6 states have internal predecessors, (104), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:01:17,475 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:01:17,477 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 180 [2022-02-20 18:01:17,477 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:17,477 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:17,508 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:17,695 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:17,696 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:17,696 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:17,696 INFO L85 PathProgramCache]: Analyzing trace with hash -1664245019, now seen corresponding path program 1 times [2022-02-20 18:01:17,696 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:17,696 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1607606193] [2022-02-20 18:01:17,696 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:17,696 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:17,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,801 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:01:17,802 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,807 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:17,808 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,808 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39369#true} {39369#true} #1731#return; {39369#true} is VALID [2022-02-20 18:01:17,808 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:01:17,809 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,824 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:17,824 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,824 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39369#true} {39369#true} #1733#return; {39369#true} is VALID [2022-02-20 18:01:17,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:01:17,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,828 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:17,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,829 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39369#true} {39369#true} #1735#return; {39369#true} is VALID [2022-02-20 18:01:17,829 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:17,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,832 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:17,832 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,832 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39369#true} {39369#true} #1737#return; {39369#true} is VALID [2022-02-20 18:01:17,832 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:01:17,834 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:17,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,835 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39369#true} {39369#true} #1739#return; {39369#true} is VALID [2022-02-20 18:01:17,836 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:01:17,837 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,838 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:17,839 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,839 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39369#true} {39369#true} #1741#return; {39369#true} is VALID [2022-02-20 18:01:17,839 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:01:17,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,859 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:17,859 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,859 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39369#true} {39369#true} #1743#return; {39369#true} is VALID [2022-02-20 18:01:17,859 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:17,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,863 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:17,863 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,863 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39369#true} {39369#true} #1745#return; {39369#true} is VALID [2022-02-20 18:01:17,868 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:01:17,871 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,873 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:17,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,876 INFO L290 TraceCheckUtils]: 0: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:17,876 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:17,876 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,876 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39369#true} #1729#return; {39369#true} is VALID [2022-02-20 18:01:17,876 INFO L290 TraceCheckUtils]: 0: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {39369#true} is VALID [2022-02-20 18:01:17,877 INFO L272 TraceCheckUtils]: 1: Hoare triple {39369#true} call setClientId(~bob___0, ~bob___0); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:17,877 INFO L290 TraceCheckUtils]: 2: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:17,877 INFO L290 TraceCheckUtils]: 3: Hoare triple {39369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:17,877 INFO L290 TraceCheckUtils]: 4: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,877 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {39369#true} {39369#true} #1729#return; {39369#true} is VALID [2022-02-20 18:01:17,877 INFO L290 TraceCheckUtils]: 6: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,878 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {39369#true} {39369#true} #1747#return; {39369#true} is VALID [2022-02-20 18:01:17,900 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:01:17,902 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,904 INFO L290 TraceCheckUtils]: 0: Hoare triple {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:17,904 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:17,904 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,904 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39369#true} #1749#return; {39369#true} is VALID [2022-02-20 18:01:17,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:17,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:17,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:17,910 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume !(1 == ~handle); {39369#true} is VALID [2022-02-20 18:01:17,910 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:17,910 INFO L290 TraceCheckUtils]: 3: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,910 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39369#true} {39369#true} #1681#return; {39369#true} is VALID [2022-02-20 18:01:17,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {39369#true} is VALID [2022-02-20 18:01:17,911 INFO L272 TraceCheckUtils]: 1: Hoare triple {39369#true} call setClientId(~rjh___0, ~rjh___0); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:17,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:17,911 INFO L290 TraceCheckUtils]: 3: Hoare triple {39369#true} assume !(1 == ~handle); {39369#true} is VALID [2022-02-20 18:01:17,911 INFO L290 TraceCheckUtils]: 4: Hoare triple {39369#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:17,911 INFO L290 TraceCheckUtils]: 5: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,911 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {39369#true} {39369#true} #1681#return; {39369#true} is VALID [2022-02-20 18:01:17,911 INFO L290 TraceCheckUtils]: 7: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,912 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {39369#true} {39369#true} #1753#return; {39369#true} is VALID [2022-02-20 18:01:17,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:01:17,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,929 INFO L290 TraceCheckUtils]: 0: Hoare triple {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:17,929 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume !(1 == ~handle); {39369#true} is VALID [2022-02-20 18:01:17,929 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:17,929 INFO L290 TraceCheckUtils]: 3: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,930 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39369#true} {39369#true} #1755#return; {39369#true} is VALID [2022-02-20 18:01:17,930 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:01:17,932 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,947 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:17,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39476#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:17,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {39476#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39477#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:17,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {39477#(= |setClientId_#in~handle| 1)} assume true; {39477#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:17,987 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39477#(= |setClientId_#in~handle| 1)} {39470#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1623#return; {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:01:17,988 INFO L290 TraceCheckUtils]: 0: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {39470#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 18:01:17,989 INFO L272 TraceCheckUtils]: 1: Hoare triple {39470#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:17,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39476#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:17,990 INFO L290 TraceCheckUtils]: 3: Hoare triple {39476#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39477#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:17,990 INFO L290 TraceCheckUtils]: 4: Hoare triple {39477#(= |setClientId_#in~handle| 1)} assume true; {39477#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:17,991 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {39477#(= |setClientId_#in~handle| 1)} {39470#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1623#return; {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:01:17,991 INFO L290 TraceCheckUtils]: 6: Hoare triple {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:01:17,991 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {39422#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} #1759#return; {39370#false} is VALID [2022-02-20 18:01:17,992 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:01:17,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:17,997 INFO L290 TraceCheckUtils]: 0: Hoare triple {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:17,997 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:17,997 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:17,997 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39370#false} #1761#return; {39370#false} is VALID [2022-02-20 18:01:18,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:01:18,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:18,010 INFO L290 TraceCheckUtils]: 0: Hoare triple {39478#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,010 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,010 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,010 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39370#false} #1645#return; {39370#false} is VALID [2022-02-20 18:01:18,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 18:01:18,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:18,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {39479#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,039 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39370#false} #1647#return; {39370#false} is VALID [2022-02-20 18:01:18,039 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 140 [2022-02-20 18:01:18,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:18,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} ~handle := #in~handle;havoc ~retValue_acc~15; {39369#true} is VALID [2022-02-20 18:01:18,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {39369#true} is VALID [2022-02-20 18:01:18,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,042 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39370#false} #1589#return; {39370#false} is VALID [2022-02-20 18:01:18,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 158 [2022-02-20 18:01:18,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:18,046 INFO L290 TraceCheckUtils]: 0: Hoare triple {39478#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,046 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,046 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,046 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39370#false} #1657#return; {39370#false} is VALID [2022-02-20 18:01:18,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 164 [2022-02-20 18:01:18,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:18,050 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} ~handle := #in~handle;havoc ~retValue_acc~33; {39369#true} is VALID [2022-02-20 18:01:18,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {39369#true} is VALID [2022-02-20 18:01:18,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,051 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39370#false} #1659#return; {39370#false} is VALID [2022-02-20 18:01:18,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 171 [2022-02-20 18:01:18,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:18,054 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} ~handle := #in~handle;havoc ~retValue_acc~15; {39369#true} is VALID [2022-02-20 18:01:18,054 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {39369#true} is VALID [2022-02-20 18:01:18,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,054 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39369#true} {39370#false} #1661#return; {39370#false} is VALID [2022-02-20 18:01:18,054 INFO L290 TraceCheckUtils]: 0: Hoare triple {39369#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(22, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(44, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(11, 16);call #Ultimate.allocInit(19, 17);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(4, 19);call write~init~int(37, 19, 0, 1);call write~init~int(100, 19, 1, 1);call write~init~int(10, 19, 2, 1);call write~init~int(0, 19, 3, 1);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(13, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {39369#true} is VALID [2022-02-20 18:01:18,055 INFO L290 TraceCheckUtils]: 1: Hoare triple {39369#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret66#1, main_~retValue_acc~36#1, main_~tmp~17#1;havoc main_~retValue_acc~36#1;havoc main_~tmp~17#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {39369#true} is VALID [2022-02-20 18:01:18,055 INFO L290 TraceCheckUtils]: 2: Hoare triple {39369#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret50#1, select_features_#t~ret51#1, select_features_#t~ret52#1, select_features_#t~ret53#1, select_features_#t~ret54#1, select_features_#t~ret55#1, select_features_#t~ret56#1, select_features_#t~ret57#1; {39369#true} is VALID [2022-02-20 18:01:18,055 INFO L272 TraceCheckUtils]: 3: Hoare triple {39369#true} call select_features_#t~ret50#1 := select_one(); {39369#true} is VALID [2022-02-20 18:01:18,055 INFO L290 TraceCheckUtils]: 4: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:18,055 INFO L290 TraceCheckUtils]: 5: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,055 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {39369#true} {39369#true} #1731#return; {39369#true} is VALID [2022-02-20 18:01:18,056 INFO L290 TraceCheckUtils]: 7: Hoare triple {39369#true} assume -2147483648 <= select_features_#t~ret50#1 && select_features_#t~ret50#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret50#1;havoc select_features_#t~ret50#1; {39369#true} is VALID [2022-02-20 18:01:18,056 INFO L272 TraceCheckUtils]: 8: Hoare triple {39369#true} call select_features_#t~ret51#1 := select_one(); {39369#true} is VALID [2022-02-20 18:01:18,056 INFO L290 TraceCheckUtils]: 9: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:18,056 INFO L290 TraceCheckUtils]: 10: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,071 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {39369#true} {39369#true} #1733#return; {39369#true} is VALID [2022-02-20 18:01:18,071 INFO L290 TraceCheckUtils]: 12: Hoare triple {39369#true} assume -2147483648 <= select_features_#t~ret51#1 && select_features_#t~ret51#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret51#1;havoc select_features_#t~ret51#1; {39369#true} is VALID [2022-02-20 18:01:18,071 INFO L272 TraceCheckUtils]: 13: Hoare triple {39369#true} call select_features_#t~ret52#1 := select_one(); {39369#true} is VALID [2022-02-20 18:01:18,072 INFO L290 TraceCheckUtils]: 14: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:18,072 INFO L290 TraceCheckUtils]: 15: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,072 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {39369#true} {39369#true} #1735#return; {39369#true} is VALID [2022-02-20 18:01:18,072 INFO L290 TraceCheckUtils]: 17: Hoare triple {39369#true} assume -2147483648 <= select_features_#t~ret52#1 && select_features_#t~ret52#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret52#1;havoc select_features_#t~ret52#1; {39369#true} is VALID [2022-02-20 18:01:18,072 INFO L272 TraceCheckUtils]: 18: Hoare triple {39369#true} call select_features_#t~ret53#1 := select_one(); {39369#true} is VALID [2022-02-20 18:01:18,072 INFO L290 TraceCheckUtils]: 19: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:18,072 INFO L290 TraceCheckUtils]: 20: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,072 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {39369#true} {39369#true} #1737#return; {39369#true} is VALID [2022-02-20 18:01:18,073 INFO L290 TraceCheckUtils]: 22: Hoare triple {39369#true} assume -2147483648 <= select_features_#t~ret53#1 && select_features_#t~ret53#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret53#1;havoc select_features_#t~ret53#1; {39369#true} is VALID [2022-02-20 18:01:18,073 INFO L272 TraceCheckUtils]: 23: Hoare triple {39369#true} call select_features_#t~ret54#1 := select_one(); {39369#true} is VALID [2022-02-20 18:01:18,073 INFO L290 TraceCheckUtils]: 24: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:18,073 INFO L290 TraceCheckUtils]: 25: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,073 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {39369#true} {39369#true} #1739#return; {39369#true} is VALID [2022-02-20 18:01:18,073 INFO L290 TraceCheckUtils]: 27: Hoare triple {39369#true} assume -2147483648 <= select_features_#t~ret54#1 && select_features_#t~ret54#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret54#1;havoc select_features_#t~ret54#1;~__SELECTED_FEATURE_Sign~0 := 1; {39369#true} is VALID [2022-02-20 18:01:18,073 INFO L272 TraceCheckUtils]: 28: Hoare triple {39369#true} call select_features_#t~ret55#1 := select_one(); {39369#true} is VALID [2022-02-20 18:01:18,073 INFO L290 TraceCheckUtils]: 29: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:18,074 INFO L290 TraceCheckUtils]: 30: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,074 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {39369#true} {39369#true} #1741#return; {39369#true} is VALID [2022-02-20 18:01:18,074 INFO L290 TraceCheckUtils]: 32: Hoare triple {39369#true} assume -2147483648 <= select_features_#t~ret55#1 && select_features_#t~ret55#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret55#1;havoc select_features_#t~ret55#1; {39369#true} is VALID [2022-02-20 18:01:18,074 INFO L272 TraceCheckUtils]: 33: Hoare triple {39369#true} call select_features_#t~ret56#1 := select_one(); {39369#true} is VALID [2022-02-20 18:01:18,074 INFO L290 TraceCheckUtils]: 34: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:18,074 INFO L290 TraceCheckUtils]: 35: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,074 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {39369#true} {39369#true} #1743#return; {39369#true} is VALID [2022-02-20 18:01:18,074 INFO L290 TraceCheckUtils]: 37: Hoare triple {39369#true} assume -2147483648 <= select_features_#t~ret56#1 && select_features_#t~ret56#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret56#1;havoc select_features_#t~ret56#1; {39369#true} is VALID [2022-02-20 18:01:18,075 INFO L272 TraceCheckUtils]: 38: Hoare triple {39369#true} call select_features_#t~ret57#1 := select_one(); {39369#true} is VALID [2022-02-20 18:01:18,075 INFO L290 TraceCheckUtils]: 39: Hoare triple {39369#true} havoc ~retValue_acc~23;assume -2147483648 <= #t~nondet49 && #t~nondet49 <= 2147483647;~choice~0 := #t~nondet49;havoc #t~nondet49;~retValue_acc~23 := ~choice~0;#res := ~retValue_acc~23; {39369#true} is VALID [2022-02-20 18:01:18,075 INFO L290 TraceCheckUtils]: 40: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,075 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {39369#true} {39369#true} #1745#return; {39369#true} is VALID [2022-02-20 18:01:18,075 INFO L290 TraceCheckUtils]: 42: Hoare triple {39369#true} assume -2147483648 <= select_features_#t~ret57#1 && select_features_#t~ret57#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret57#1;havoc select_features_#t~ret57#1; {39369#true} is VALID [2022-02-20 18:01:18,075 INFO L290 TraceCheckUtils]: 43: Hoare triple {39369#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1, valid_product_~tmp~15#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~tmp~15#1; {39369#true} is VALID [2022-02-20 18:01:18,075 INFO L290 TraceCheckUtils]: 44: Hoare triple {39369#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {39369#true} is VALID [2022-02-20 18:01:18,076 INFO L290 TraceCheckUtils]: 45: Hoare triple {39369#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {39369#true} is VALID [2022-02-20 18:01:18,076 INFO L290 TraceCheckUtils]: 46: Hoare triple {39369#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {39369#true} is VALID [2022-02-20 18:01:18,076 INFO L290 TraceCheckUtils]: 47: Hoare triple {39369#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {39369#true} is VALID [2022-02-20 18:01:18,076 INFO L290 TraceCheckUtils]: 48: Hoare triple {39369#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {39369#true} is VALID [2022-02-20 18:01:18,076 INFO L290 TraceCheckUtils]: 49: Hoare triple {39369#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {39369#true} is VALID [2022-02-20 18:01:18,076 INFO L290 TraceCheckUtils]: 50: Hoare triple {39369#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {39369#true} is VALID [2022-02-20 18:01:18,076 INFO L290 TraceCheckUtils]: 51: Hoare triple {39369#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {39369#true} is VALID [2022-02-20 18:01:18,076 INFO L290 TraceCheckUtils]: 52: Hoare triple {39369#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {39369#true} is VALID [2022-02-20 18:01:18,077 INFO L290 TraceCheckUtils]: 53: Hoare triple {39369#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~15#1 := 1; {39369#true} is VALID [2022-02-20 18:01:18,077 INFO L290 TraceCheckUtils]: 54: Hoare triple {39369#true} valid_product_~retValue_acc~24#1 := valid_product_~tmp~15#1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {39369#true} is VALID [2022-02-20 18:01:18,077 INFO L290 TraceCheckUtils]: 55: Hoare triple {39369#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~17#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {39369#true} is VALID [2022-02-20 18:01:18,077 INFO L290 TraceCheckUtils]: 56: Hoare triple {39369#true} assume 0 != main_~tmp~17#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet63#1, setup_#t~nondet64#1, setup_#t~nondet65#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {39369#true} is VALID [2022-02-20 18:01:18,077 INFO L290 TraceCheckUtils]: 57: Hoare triple {39369#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {39369#true} is VALID [2022-02-20 18:01:18,078 INFO L272 TraceCheckUtils]: 58: Hoare triple {39369#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:18,078 INFO L290 TraceCheckUtils]: 59: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {39369#true} is VALID [2022-02-20 18:01:18,079 INFO L272 TraceCheckUtils]: 60: Hoare triple {39369#true} call setClientId(~bob___0, ~bob___0); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:18,079 INFO L290 TraceCheckUtils]: 61: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,079 INFO L290 TraceCheckUtils]: 62: Hoare triple {39369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,079 INFO L290 TraceCheckUtils]: 63: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,079 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {39369#true} {39369#true} #1729#return; {39369#true} is VALID [2022-02-20 18:01:18,079 INFO L290 TraceCheckUtils]: 65: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,079 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {39369#true} {39369#true} #1747#return; {39369#true} is VALID [2022-02-20 18:01:18,080 INFO L272 TraceCheckUtils]: 67: Hoare triple {39369#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:18,080 INFO L290 TraceCheckUtils]: 68: Hoare triple {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,080 INFO L290 TraceCheckUtils]: 69: Hoare triple {39369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,081 INFO L290 TraceCheckUtils]: 70: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,081 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {39369#true} {39369#true} #1749#return; {39369#true} is VALID [2022-02-20 18:01:18,081 INFO L290 TraceCheckUtils]: 72: Hoare triple {39369#true} assume { :end_inline_setup_bob__role__Keys } true; {39369#true} is VALID [2022-02-20 18:01:18,081 INFO L290 TraceCheckUtils]: 73: Hoare triple {39369#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 14, 0;havoc setup_#t~nondet63#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {39369#true} is VALID [2022-02-20 18:01:18,081 INFO L290 TraceCheckUtils]: 74: Hoare triple {39369#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {39369#true} is VALID [2022-02-20 18:01:18,082 INFO L272 TraceCheckUtils]: 75: Hoare triple {39369#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:18,082 INFO L290 TraceCheckUtils]: 76: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {39369#true} is VALID [2022-02-20 18:01:18,083 INFO L272 TraceCheckUtils]: 77: Hoare triple {39369#true} call setClientId(~rjh___0, ~rjh___0); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:18,083 INFO L290 TraceCheckUtils]: 78: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,083 INFO L290 TraceCheckUtils]: 79: Hoare triple {39369#true} assume !(1 == ~handle); {39369#true} is VALID [2022-02-20 18:01:18,083 INFO L290 TraceCheckUtils]: 80: Hoare triple {39369#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,083 INFO L290 TraceCheckUtils]: 81: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,083 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {39369#true} {39369#true} #1681#return; {39369#true} is VALID [2022-02-20 18:01:18,083 INFO L290 TraceCheckUtils]: 83: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,083 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {39369#true} {39369#true} #1753#return; {39369#true} is VALID [2022-02-20 18:01:18,084 INFO L272 TraceCheckUtils]: 85: Hoare triple {39369#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:18,084 INFO L290 TraceCheckUtils]: 86: Hoare triple {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,084 INFO L290 TraceCheckUtils]: 87: Hoare triple {39369#true} assume !(1 == ~handle); {39369#true} is VALID [2022-02-20 18:01:18,085 INFO L290 TraceCheckUtils]: 88: Hoare triple {39369#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,085 INFO L290 TraceCheckUtils]: 89: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,085 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {39369#true} {39369#true} #1755#return; {39369#true} is VALID [2022-02-20 18:01:18,085 INFO L290 TraceCheckUtils]: 91: Hoare triple {39369#true} assume { :end_inline_setup_rjh__role__Keys } true; {39369#true} is VALID [2022-02-20 18:01:18,085 INFO L290 TraceCheckUtils]: 92: Hoare triple {39369#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 15, 0;havoc setup_#t~nondet64#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {39421#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 18:01:18,086 INFO L290 TraceCheckUtils]: 93: Hoare triple {39421#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {39422#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} is VALID [2022-02-20 18:01:18,086 INFO L272 TraceCheckUtils]: 94: Hoare triple {39422#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:18,087 INFO L290 TraceCheckUtils]: 95: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {39470#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 18:01:18,088 INFO L272 TraceCheckUtils]: 96: Hoare triple {39470#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:18,088 INFO L290 TraceCheckUtils]: 97: Hoare triple {39459#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39476#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:18,088 INFO L290 TraceCheckUtils]: 98: Hoare triple {39476#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39477#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:18,089 INFO L290 TraceCheckUtils]: 99: Hoare triple {39477#(= |setClientId_#in~handle| 1)} assume true; {39477#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:18,089 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {39477#(= |setClientId_#in~handle| 1)} {39470#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1623#return; {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:01:18,090 INFO L290 TraceCheckUtils]: 101: Hoare triple {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:01:18,090 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {39475#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {39422#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} #1759#return; {39370#false} is VALID [2022-02-20 18:01:18,090 INFO L272 TraceCheckUtils]: 103: Hoare triple {39370#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:18,090 INFO L290 TraceCheckUtils]: 104: Hoare triple {39464#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,091 INFO L290 TraceCheckUtils]: 105: Hoare triple {39369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,091 INFO L290 TraceCheckUtils]: 106: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,091 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {39369#true} {39370#false} #1761#return; {39370#false} is VALID [2022-02-20 18:01:18,091 INFO L290 TraceCheckUtils]: 108: Hoare triple {39370#false} assume { :end_inline_setup_chuck__role__Keys } true; {39370#false} is VALID [2022-02-20 18:01:18,091 INFO L290 TraceCheckUtils]: 109: Hoare triple {39370#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 16, 0;havoc setup_#t~nondet65#1; {39370#false} is VALID [2022-02-20 18:01:18,091 INFO L290 TraceCheckUtils]: 110: Hoare triple {39370#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {39370#false} is VALID [2022-02-20 18:01:18,092 INFO L290 TraceCheckUtils]: 111: Hoare triple {39370#false} assume !false; {39370#false} is VALID [2022-02-20 18:01:18,092 INFO L290 TraceCheckUtils]: 112: Hoare triple {39370#false} assume test_~splverifierCounter~0#1 < 4; {39370#false} is VALID [2022-02-20 18:01:18,092 INFO L290 TraceCheckUtils]: 113: Hoare triple {39370#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {39370#false} is VALID [2022-02-20 18:01:18,092 INFO L290 TraceCheckUtils]: 114: Hoare triple {39370#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {39370#false} is VALID [2022-02-20 18:01:18,092 INFO L290 TraceCheckUtils]: 115: Hoare triple {39370#false} assume !(0 != test_~tmp___9~0#1); {39370#false} is VALID [2022-02-20 18:01:18,092 INFO L290 TraceCheckUtils]: 116: Hoare triple {39370#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {39370#false} is VALID [2022-02-20 18:01:18,092 INFO L290 TraceCheckUtils]: 117: Hoare triple {39370#false} assume 0 != test_~tmp___8~0#1; {39370#false} is VALID [2022-02-20 18:01:18,092 INFO L290 TraceCheckUtils]: 118: Hoare triple {39370#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {39370#false} is VALID [2022-02-20 18:01:18,093 INFO L290 TraceCheckUtils]: 119: Hoare triple {39370#false} test_~op2~0#1 := 1; {39370#false} is VALID [2022-02-20 18:01:18,093 INFO L290 TraceCheckUtils]: 120: Hoare triple {39370#false} assume !false; {39370#false} is VALID [2022-02-20 18:01:18,093 INFO L290 TraceCheckUtils]: 121: Hoare triple {39370#false} assume !(test_~splverifierCounter~0#1 < 4); {39370#false} is VALID [2022-02-20 18:01:18,093 INFO L290 TraceCheckUtils]: 122: Hoare triple {39370#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_#t~ret61#1, bobToRjh_~tmp~16#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~16#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret58#1 := puts(12, 0);assume -2147483648 <= bobToRjh_#t~ret58#1 && bobToRjh_#t~ret58#1 <= 2147483647;havoc bobToRjh_#t~ret58#1; {39370#false} is VALID [2022-02-20 18:01:18,093 INFO L272 TraceCheckUtils]: 123: Hoare triple {39370#false} call sendEmail(~bob~0, ~rjh~0); {39370#false} is VALID [2022-02-20 18:01:18,093 INFO L290 TraceCheckUtils]: 124: Hoare triple {39370#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~41#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~41#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {39370#false} is VALID [2022-02-20 18:01:18,093 INFO L272 TraceCheckUtils]: 125: Hoare triple {39370#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {39478#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:18,094 INFO L290 TraceCheckUtils]: 126: Hoare triple {39478#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,094 INFO L290 TraceCheckUtils]: 127: Hoare triple {39369#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,094 INFO L290 TraceCheckUtils]: 128: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,094 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {39369#true} {39370#false} #1645#return; {39370#false} is VALID [2022-02-20 18:01:18,094 INFO L272 TraceCheckUtils]: 130: Hoare triple {39370#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {39479#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:18,094 INFO L290 TraceCheckUtils]: 131: Hoare triple {39479#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,094 INFO L290 TraceCheckUtils]: 132: Hoare triple {39369#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,094 INFO L290 TraceCheckUtils]: 133: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,095 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {39369#true} {39370#false} #1647#return; {39370#false} is VALID [2022-02-20 18:01:18,095 INFO L290 TraceCheckUtils]: 135: Hoare triple {39370#false} createEmail_~retValue_acc~41#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~41#1; {39370#false} is VALID [2022-02-20 18:01:18,095 INFO L290 TraceCheckUtils]: 136: Hoare triple {39370#false} #t~ret35#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~9#1 := #t~ret35#1;havoc #t~ret35#1;~email~0#1 := ~tmp~9#1; {39370#false} is VALID [2022-02-20 18:01:18,095 INFO L272 TraceCheckUtils]: 137: Hoare triple {39370#false} call outgoing(~sender#1, ~email~0#1); {39370#false} is VALID [2022-02-20 18:01:18,095 INFO L290 TraceCheckUtils]: 138: Hoare triple {39370#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39370#false} is VALID [2022-02-20 18:01:18,095 INFO L290 TraceCheckUtils]: 139: Hoare triple {39370#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {39370#false} is VALID [2022-02-20 18:01:18,095 INFO L272 TraceCheckUtils]: 140: Hoare triple {39370#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {39369#true} is VALID [2022-02-20 18:01:18,096 INFO L290 TraceCheckUtils]: 141: Hoare triple {39369#true} ~handle := #in~handle;havoc ~retValue_acc~15; {39369#true} is VALID [2022-02-20 18:01:18,096 INFO L290 TraceCheckUtils]: 142: Hoare triple {39369#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {39369#true} is VALID [2022-02-20 18:01:18,106 INFO L290 TraceCheckUtils]: 143: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,106 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {39369#true} {39370#false} #1589#return; {39370#false} is VALID [2022-02-20 18:01:18,107 INFO L290 TraceCheckUtils]: 145: Hoare triple {39370#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {39370#false} is VALID [2022-02-20 18:01:18,107 INFO L290 TraceCheckUtils]: 146: Hoare triple {39370#false} assume 0 == sign_~privkey~1#1; {39370#false} is VALID [2022-02-20 18:01:18,107 INFO L290 TraceCheckUtils]: 147: Hoare triple {39370#false} assume { :end_inline_sign } true; {39370#false} is VALID [2022-02-20 18:01:18,107 INFO L272 TraceCheckUtils]: 148: Hoare triple {39370#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {39370#false} is VALID [2022-02-20 18:01:18,107 INFO L290 TraceCheckUtils]: 149: Hoare triple {39370#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39370#false} is VALID [2022-02-20 18:01:18,107 INFO L290 TraceCheckUtils]: 150: Hoare triple {39370#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {39370#false} is VALID [2022-02-20 18:01:18,107 INFO L272 TraceCheckUtils]: 151: Hoare triple {39370#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {39370#false} is VALID [2022-02-20 18:01:18,108 INFO L290 TraceCheckUtils]: 152: Hoare triple {39370#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39370#false} is VALID [2022-02-20 18:01:18,108 INFO L290 TraceCheckUtils]: 153: Hoare triple {39370#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {39370#false} is VALID [2022-02-20 18:01:18,108 INFO L272 TraceCheckUtils]: 154: Hoare triple {39370#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {39370#false} is VALID [2022-02-20 18:01:18,108 INFO L290 TraceCheckUtils]: 155: Hoare triple {39370#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {39370#false} is VALID [2022-02-20 18:01:18,108 INFO L290 TraceCheckUtils]: 156: Hoare triple {39370#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {39370#false} is VALID [2022-02-20 18:01:18,108 INFO L290 TraceCheckUtils]: 157: Hoare triple {39370#false} #t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret18#1 && #t~ret18#1 <= 2147483647;~tmp~2#1 := #t~ret18#1;havoc #t~ret18#1; {39370#false} is VALID [2022-02-20 18:01:18,108 INFO L272 TraceCheckUtils]: 158: Hoare triple {39370#false} call setEmailFrom(~msg#1, ~tmp~2#1); {39478#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:18,109 INFO L290 TraceCheckUtils]: 159: Hoare triple {39478#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39369#true} is VALID [2022-02-20 18:01:18,109 INFO L290 TraceCheckUtils]: 160: Hoare triple {39369#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39369#true} is VALID [2022-02-20 18:01:18,109 INFO L290 TraceCheckUtils]: 161: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,109 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {39369#true} {39370#false} #1657#return; {39370#false} is VALID [2022-02-20 18:01:18,109 INFO L290 TraceCheckUtils]: 163: Hoare triple {39370#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignForward_spec__1 } true;__utac_acc__SignForward_spec__1_#in~client#1, __utac_acc__SignForward_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__SignForward_spec__1_#t~ret123#1, __utac_acc__SignForward_spec__1_#t~ret124#1, __utac_acc__SignForward_spec__1_#t~ret125#1, __utac_acc__SignForward_spec__1_~client#1, __utac_acc__SignForward_spec__1_~msg#1, __utac_acc__SignForward_spec__1_~tmp~27#1, __utac_acc__SignForward_spec__1_~tmp___0~10#1;__utac_acc__SignForward_spec__1_~client#1 := __utac_acc__SignForward_spec__1_#in~client#1;__utac_acc__SignForward_spec__1_~msg#1 := __utac_acc__SignForward_spec__1_#in~msg#1;havoc __utac_acc__SignForward_spec__1_~tmp~27#1;havoc __utac_acc__SignForward_spec__1_~tmp___0~10#1;call __utac_acc__SignForward_spec__1_#t~ret123#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret123#1 && __utac_acc__SignForward_spec__1_#t~ret123#1 <= 2147483647;havoc __utac_acc__SignForward_spec__1_#t~ret123#1; {39370#false} is VALID [2022-02-20 18:01:18,109 INFO L272 TraceCheckUtils]: 164: Hoare triple {39370#false} call __utac_acc__SignForward_spec__1_#t~ret124#1 := isSigned(__utac_acc__SignForward_spec__1_~msg#1); {39369#true} is VALID [2022-02-20 18:01:18,109 INFO L290 TraceCheckUtils]: 165: Hoare triple {39369#true} ~handle := #in~handle;havoc ~retValue_acc~33; {39369#true} is VALID [2022-02-20 18:01:18,109 INFO L290 TraceCheckUtils]: 166: Hoare triple {39369#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~33; {39369#true} is VALID [2022-02-20 18:01:18,110 INFO L290 TraceCheckUtils]: 167: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,110 INFO L284 TraceCheckUtils]: 168: Hoare quadruple {39369#true} {39370#false} #1659#return; {39370#false} is VALID [2022-02-20 18:01:18,110 INFO L290 TraceCheckUtils]: 169: Hoare triple {39370#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret124#1 && __utac_acc__SignForward_spec__1_#t~ret124#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp___0~10#1 := __utac_acc__SignForward_spec__1_#t~ret124#1;havoc __utac_acc__SignForward_spec__1_#t~ret124#1; {39370#false} is VALID [2022-02-20 18:01:18,110 INFO L290 TraceCheckUtils]: 170: Hoare triple {39370#false} assume 0 != __utac_acc__SignForward_spec__1_~tmp___0~10#1; {39370#false} is VALID [2022-02-20 18:01:18,110 INFO L272 TraceCheckUtils]: 171: Hoare triple {39370#false} call __utac_acc__SignForward_spec__1_#t~ret125#1 := getClientPrivateKey(__utac_acc__SignForward_spec__1_~client#1); {39369#true} is VALID [2022-02-20 18:01:18,110 INFO L290 TraceCheckUtils]: 172: Hoare triple {39369#true} ~handle := #in~handle;havoc ~retValue_acc~15; {39369#true} is VALID [2022-02-20 18:01:18,110 INFO L290 TraceCheckUtils]: 173: Hoare triple {39369#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~15; {39369#true} is VALID [2022-02-20 18:01:18,110 INFO L290 TraceCheckUtils]: 174: Hoare triple {39369#true} assume true; {39369#true} is VALID [2022-02-20 18:01:18,111 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {39369#true} {39370#false} #1661#return; {39370#false} is VALID [2022-02-20 18:01:18,111 INFO L290 TraceCheckUtils]: 176: Hoare triple {39370#false} assume -2147483648 <= __utac_acc__SignForward_spec__1_#t~ret125#1 && __utac_acc__SignForward_spec__1_#t~ret125#1 <= 2147483647;__utac_acc__SignForward_spec__1_~tmp~27#1 := __utac_acc__SignForward_spec__1_#t~ret125#1;havoc __utac_acc__SignForward_spec__1_#t~ret125#1; {39370#false} is VALID [2022-02-20 18:01:18,111 INFO L290 TraceCheckUtils]: 177: Hoare triple {39370#false} assume 0 == __utac_acc__SignForward_spec__1_~tmp~27#1;assume { :begin_inline___automaton_fail } true; {39370#false} is VALID [2022-02-20 18:01:18,111 INFO L290 TraceCheckUtils]: 178: Hoare triple {39370#false} assume !false; {39370#false} is VALID [2022-02-20 18:01:18,112 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:01:18,112 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:18,112 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1607606193] [2022-02-20 18:01:18,113 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1607606193] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:18,113 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:18,113 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:01:18,113 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2075532833] [2022-02-20 18:01:18,113 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:18,114 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 10 states have (on average 10.0) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (28), 6 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 179 [2022-02-20 18:01:18,114 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:18,114 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 10 states have (on average 10.0) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (28), 6 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:01:18,266 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 151 edges. 151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:18,267 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:01:18,267 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:18,267 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:01:18,267 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:01:18,267 INFO L87 Difference]: Start difference. First operand 688 states and 1007 transitions. Second operand has 12 states, 10 states have (on average 10.0) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (28), 6 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23)