./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec6_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec6_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash c86855dab8667fe80df418e2dda62d52081f1a657b6492a63fb3d2a1da4890b5 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:01:33,764 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:01:33,782 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:01:33,836 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:01:33,837 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:01:33,854 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:01:33,855 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:01:33,857 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:01:33,859 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:01:33,862 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:01:33,863 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:01:33,864 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:01:33,864 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:01:33,866 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:01:33,867 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:01:33,870 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:01:33,871 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:01:33,872 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:01:33,874 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:01:33,879 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:01:33,880 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:01:33,896 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:01:33,898 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:01:33,898 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:01:33,904 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:01:33,904 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:01:33,904 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:01:33,906 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:01:33,906 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:01:33,907 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:01:33,907 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:01:33,908 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:01:33,909 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:01:33,909 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:01:33,910 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:01:33,910 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:01:33,912 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:01:33,912 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:01:33,912 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:01:33,913 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:01:33,913 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:01:33,916 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:01:33,973 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:01:33,973 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:01:33,974 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:01:33,974 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:01:33,974 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:01:33,974 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:01:33,975 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:01:33,975 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:01:33,975 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:01:33,975 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:01:33,976 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:01:33,976 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:01:33,976 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:01:33,976 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:01:33,976 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:01:33,976 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:01:33,977 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:01:33,977 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:01:33,977 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:01:33,977 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:01:33,977 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:01:33,977 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:01:33,977 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:01:33,977 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:01:33,977 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:01:33,978 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:01:33,978 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:01:33,978 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:01:33,978 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:01:33,978 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:01:33,978 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:01:33,978 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:01:33,979 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:01:33,979 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> c86855dab8667fe80df418e2dda62d52081f1a657b6492a63fb3d2a1da4890b5 [2022-02-20 18:01:34,393 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:01:34,435 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:01:34,438 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:01:34,438 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:01:34,439 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:01:34,440 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec6_productSimulator.cil.c [2022-02-20 18:01:34,533 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4f7463878/7be5054e0c28461b82fc8e39d1bc2fab/FLAG585d49cd9 [2022-02-20 18:01:35,036 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:01:35,037 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_productSimulator.cil.c [2022-02-20 18:01:35,062 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4f7463878/7be5054e0c28461b82fc8e39d1bc2fab/FLAG585d49cd9 [2022-02-20 18:01:35,512 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4f7463878/7be5054e0c28461b82fc8e39d1bc2fab [2022-02-20 18:01:35,514 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:01:35,515 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:01:35,516 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:01:35,516 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:01:35,518 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:01:35,519 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:01:35" (1/1) ... [2022-02-20 18:01:35,520 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@7397bfc1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:35, skipping insertion in model container [2022-02-20 18:01:35,520 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:01:35" (1/1) ... [2022-02-20 18:01:35,525 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:01:35,562 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:01:35,942 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_productSimulator.cil.c[17001,17014] [2022-02-20 18:01:36,092 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:01:36,099 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:01:36,124 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_productSimulator.cil.c[17001,17014] [2022-02-20 18:01:36,173 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:01:36,196 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:01:36,197 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36 WrapperNode [2022-02-20 18:01:36,197 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:01:36,198 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:01:36,198 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:01:36,198 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:01:36,203 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,222 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,270 INFO L137 Inliner]: procedures = 152, calls = 290, calls flagged for inlining = 68, calls inlined = 65, statements flattened = 1339 [2022-02-20 18:01:36,270 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:01:36,271 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:01:36,271 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:01:36,271 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:01:36,288 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,288 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,293 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,294 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,309 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,318 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,323 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,330 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:01:36,331 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:01:36,331 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:01:36,332 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:01:36,348 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (1/1) ... [2022-02-20 18:01:36,369 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:01:36,383 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:36,395 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:01:36,408 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:01:36,446 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:01:36,446 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:01:36,446 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 18:01:36,446 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 18:01:36,447 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 18:01:36,447 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 18:01:36,447 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:01:36,447 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:01:36,447 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:01:36,447 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:01:36,447 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:01:36,448 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:01:36,448 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:01:36,448 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:01:36,448 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 18:01:36,448 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 18:01:36,448 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:01:36,448 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:01:36,449 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 18:01:36,449 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 18:01:36,449 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:01:36,449 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:01:36,449 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:01:36,449 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:01:36,449 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:01:36,449 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:01:36,450 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 18:01:36,450 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 18:01:36,450 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 18:01:36,450 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 18:01:36,450 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:01:36,450 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:01:36,450 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:01:36,451 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:01:36,451 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:01:36,451 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:01:36,451 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:01:36,451 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 18:01:36,451 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 18:01:36,451 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:01:36,452 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:01:36,452 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 18:01:36,452 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:01:36,452 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:01:36,453 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:01:36,453 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 18:01:36,453 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 18:01:36,500 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:01:36,500 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:01:36,500 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:01:36,500 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:01:36,501 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:01:36,501 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 18:01:36,501 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 18:01:36,502 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 18:01:36,502 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 18:01:36,502 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 18:01:36,503 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 18:01:36,504 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:01:36,504 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:01:36,504 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:01:36,504 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:01:36,504 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:01:36,505 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:01:36,505 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:01:36,505 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:01:36,505 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:01:36,505 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:01:36,505 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:01:36,505 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:01:36,505 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:01:36,506 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:01:36,506 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 18:01:36,506 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 18:01:36,506 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 18:01:36,507 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 18:01:36,507 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:01:36,507 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:01:36,507 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:01:36,507 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:01:36,507 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:01:36,507 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:01:36,507 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:01:36,508 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 18:01:36,508 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 18:01:36,508 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 18:01:36,508 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 18:01:36,508 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:01:36,508 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:01:36,509 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:01:36,509 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:01:36,754 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:01:36,756 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:01:37,653 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:01:37,674 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:01:37,675 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:01:37,677 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:01:37 BoogieIcfgContainer [2022-02-20 18:01:37,677 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:01:37,678 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:01:37,678 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:01:37,682 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:01:37,683 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:01:35" (1/3) ... [2022-02-20 18:01:37,683 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5abaede5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:01:37, skipping insertion in model container [2022-02-20 18:01:37,683 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:36" (2/3) ... [2022-02-20 18:01:37,683 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5abaede5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:01:37, skipping insertion in model container [2022-02-20 18:01:37,684 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:01:37" (3/3) ... [2022-02-20 18:01:37,685 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec6_productSimulator.cil.c [2022-02-20 18:01:37,689 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:01:37,689 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:01:37,729 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:01:37,733 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:01:37,733 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:01:37,758 INFO L276 IsEmpty]: Start isEmpty. Operand has 608 states, 451 states have (on average 1.5121951219512195) internal successors, (682), 471 states have internal predecessors, (682), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) [2022-02-20 18:01:37,775 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 153 [2022-02-20 18:01:37,775 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:37,776 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:37,777 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:37,780 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:37,781 INFO L85 PathProgramCache]: Analyzing trace with hash -908368288, now seen corresponding path program 1 times [2022-02-20 18:01:37,787 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:37,787 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1719611435] [2022-02-20 18:01:37,787 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:37,788 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:37,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:01:38,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,043 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1741#return; {611#true} is VALID [2022-02-20 18:01:38,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:01:38,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,051 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1743#return; {611#true} is VALID [2022-02-20 18:01:38,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:01:38,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,058 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1745#return; {611#true} is VALID [2022-02-20 18:01:38,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:38,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,063 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,064 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,064 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1747#return; {611#true} is VALID [2022-02-20 18:01:38,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:01:38,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,071 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,094 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,094 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1749#return; {611#true} is VALID [2022-02-20 18:01:38,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:01:38,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,101 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1751#return; {611#true} is VALID [2022-02-20 18:01:38,102 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:01:38,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,108 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1753#return; {611#true} is VALID [2022-02-20 18:01:38,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:38,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,115 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {611#true} {611#true} #1755#return; {611#true} is VALID [2022-02-20 18:01:38,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:01:38,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,127 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:38,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,132 INFO L290 TraceCheckUtils]: 0: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,132 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,132 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,133 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {611#true} #1739#return; {611#true} is VALID [2022-02-20 18:01:38,133 INFO L290 TraceCheckUtils]: 0: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {611#true} is VALID [2022-02-20 18:01:38,134 INFO L272 TraceCheckUtils]: 1: Hoare triple {611#true} call setClientId(~bob___0, ~bob___0); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,134 INFO L290 TraceCheckUtils]: 2: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,135 INFO L290 TraceCheckUtils]: 3: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,135 INFO L290 TraceCheckUtils]: 4: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,135 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {611#true} {611#true} #1739#return; {611#true} is VALID [2022-02-20 18:01:38,135 INFO L290 TraceCheckUtils]: 6: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,135 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {611#true} {611#true} #1761#return; {611#true} is VALID [2022-02-20 18:01:38,136 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:01:38,138 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:38,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,147 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {611#true} #1691#return; {611#true} is VALID [2022-02-20 18:01:38,147 INFO L290 TraceCheckUtils]: 0: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {611#true} is VALID [2022-02-20 18:01:38,149 INFO L272 TraceCheckUtils]: 1: Hoare triple {611#true} call setClientId(~rjh___0, ~rjh___0); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,149 INFO L290 TraceCheckUtils]: 2: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,149 INFO L290 TraceCheckUtils]: 3: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,149 INFO L290 TraceCheckUtils]: 4: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,150 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {611#true} {611#true} #1691#return; {611#true} is VALID [2022-02-20 18:01:38,150 INFO L290 TraceCheckUtils]: 6: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,150 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {611#true} {611#true} #1767#return; {611#true} is VALID [2022-02-20 18:01:38,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:01:38,153 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,156 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:38,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,168 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {611#true} #1629#return; {611#true} is VALID [2022-02-20 18:01:38,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {611#true} is VALID [2022-02-20 18:01:38,169 INFO L272 TraceCheckUtils]: 1: Hoare triple {611#true} call setClientId(~chuck___0, ~chuck___0); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,170 INFO L290 TraceCheckUtils]: 2: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,170 INFO L290 TraceCheckUtils]: 3: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,170 INFO L290 TraceCheckUtils]: 4: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,170 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {611#true} {611#true} #1629#return; {611#true} is VALID [2022-02-20 18:01:38,170 INFO L290 TraceCheckUtils]: 6: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,171 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {611#true} {611#true} #1773#return; {611#true} is VALID [2022-02-20 18:01:38,177 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:01:38,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,186 INFO L290 TraceCheckUtils]: 0: Hoare triple {706#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,187 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,187 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,187 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1651#return; {612#false} is VALID [2022-02-20 18:01:38,193 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:01:38,195 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,203 INFO L290 TraceCheckUtils]: 0: Hoare triple {707#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,204 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,204 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,205 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1653#return; {612#false} is VALID [2022-02-20 18:01:38,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:01:38,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,211 INFO L290 TraceCheckUtils]: 0: Hoare triple {706#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,212 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1663#return; {612#false} is VALID [2022-02-20 18:01:38,213 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:01:38,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~35; {611#true} is VALID [2022-02-20 18:01:38,220 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {611#true} is VALID [2022-02-20 18:01:38,220 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,220 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1665#return; {612#false} is VALID [2022-02-20 18:01:38,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:01:38,224 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,237 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~32; {611#true} is VALID [2022-02-20 18:01:38,238 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {611#true} is VALID [2022-02-20 18:01:38,238 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,238 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1667#return; {612#false} is VALID [2022-02-20 18:01:38,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 18:01:38,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,245 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~19; {611#true} is VALID [2022-02-20 18:01:38,246 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {611#true} is VALID [2022-02-20 18:01:38,247 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,247 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1669#return; {612#false} is VALID [2022-02-20 18:01:38,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 18:01:38,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,253 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~36; {611#true} is VALID [2022-02-20 18:01:38,253 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {611#true} is VALID [2022-02-20 18:01:38,253 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,254 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1671#return; {612#false} is VALID [2022-02-20 18:01:38,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 18:01:38,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,264 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {611#true} is VALID [2022-02-20 18:01:38,265 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {611#true} is VALID [2022-02-20 18:01:38,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,266 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {611#true} {612#false} #1673#return; {612#false} is VALID [2022-02-20 18:01:38,267 INFO L290 TraceCheckUtils]: 0: Hoare triple {611#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {611#true} is VALID [2022-02-20 18:01:38,273 INFO L290 TraceCheckUtils]: 1: Hoare triple {611#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {611#true} is VALID [2022-02-20 18:01:38,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {611#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {611#true} is VALID [2022-02-20 18:01:38,274 INFO L272 TraceCheckUtils]: 3: Hoare triple {611#true} call select_features_#t~ret58#1 := select_one(); {611#true} is VALID [2022-02-20 18:01:38,274 INFO L290 TraceCheckUtils]: 4: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,275 INFO L290 TraceCheckUtils]: 5: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,275 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {611#true} {611#true} #1741#return; {611#true} is VALID [2022-02-20 18:01:38,277 INFO L290 TraceCheckUtils]: 7: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {611#true} is VALID [2022-02-20 18:01:38,278 INFO L272 TraceCheckUtils]: 8: Hoare triple {611#true} call select_features_#t~ret59#1 := select_one(); {611#true} is VALID [2022-02-20 18:01:38,278 INFO L290 TraceCheckUtils]: 9: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,278 INFO L290 TraceCheckUtils]: 10: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,278 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {611#true} {611#true} #1743#return; {611#true} is VALID [2022-02-20 18:01:38,279 INFO L290 TraceCheckUtils]: 12: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {611#true} is VALID [2022-02-20 18:01:38,279 INFO L272 TraceCheckUtils]: 13: Hoare triple {611#true} call select_features_#t~ret60#1 := select_one(); {611#true} is VALID [2022-02-20 18:01:38,280 INFO L290 TraceCheckUtils]: 14: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,280 INFO L290 TraceCheckUtils]: 15: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,281 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {611#true} {611#true} #1745#return; {611#true} is VALID [2022-02-20 18:01:38,281 INFO L290 TraceCheckUtils]: 17: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {611#true} is VALID [2022-02-20 18:01:38,281 INFO L272 TraceCheckUtils]: 18: Hoare triple {611#true} call select_features_#t~ret61#1 := select_one(); {611#true} is VALID [2022-02-20 18:01:38,282 INFO L290 TraceCheckUtils]: 19: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,283 INFO L290 TraceCheckUtils]: 20: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,283 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {611#true} {611#true} #1747#return; {611#true} is VALID [2022-02-20 18:01:38,292 INFO L290 TraceCheckUtils]: 22: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {611#true} is VALID [2022-02-20 18:01:38,293 INFO L272 TraceCheckUtils]: 23: Hoare triple {611#true} call select_features_#t~ret62#1 := select_one(); {611#true} is VALID [2022-02-20 18:01:38,293 INFO L290 TraceCheckUtils]: 24: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,293 INFO L290 TraceCheckUtils]: 25: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,294 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {611#true} {611#true} #1749#return; {611#true} is VALID [2022-02-20 18:01:38,294 INFO L290 TraceCheckUtils]: 27: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {611#true} is VALID [2022-02-20 18:01:38,294 INFO L272 TraceCheckUtils]: 28: Hoare triple {611#true} call select_features_#t~ret63#1 := select_one(); {611#true} is VALID [2022-02-20 18:01:38,294 INFO L290 TraceCheckUtils]: 29: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,295 INFO L290 TraceCheckUtils]: 30: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,295 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {611#true} {611#true} #1751#return; {611#true} is VALID [2022-02-20 18:01:38,295 INFO L290 TraceCheckUtils]: 32: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {611#true} is VALID [2022-02-20 18:01:38,295 INFO L272 TraceCheckUtils]: 33: Hoare triple {611#true} call select_features_#t~ret64#1 := select_one(); {611#true} is VALID [2022-02-20 18:01:38,296 INFO L290 TraceCheckUtils]: 34: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,296 INFO L290 TraceCheckUtils]: 35: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,296 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {611#true} {611#true} #1753#return; {611#true} is VALID [2022-02-20 18:01:38,296 INFO L290 TraceCheckUtils]: 37: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {611#true} is VALID [2022-02-20 18:01:38,297 INFO L272 TraceCheckUtils]: 38: Hoare triple {611#true} call select_features_#t~ret65#1 := select_one(); {611#true} is VALID [2022-02-20 18:01:38,297 INFO L290 TraceCheckUtils]: 39: Hoare triple {611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {611#true} is VALID [2022-02-20 18:01:38,297 INFO L290 TraceCheckUtils]: 40: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,297 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {611#true} {611#true} #1755#return; {611#true} is VALID [2022-02-20 18:01:38,298 INFO L290 TraceCheckUtils]: 42: Hoare triple {611#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {611#true} is VALID [2022-02-20 18:01:38,298 INFO L290 TraceCheckUtils]: 43: Hoare triple {611#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {611#true} is VALID [2022-02-20 18:01:38,298 INFO L290 TraceCheckUtils]: 44: Hoare triple {611#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {611#true} is VALID [2022-02-20 18:01:38,298 INFO L290 TraceCheckUtils]: 45: Hoare triple {611#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~9#1 := 0; {611#true} is VALID [2022-02-20 18:01:38,299 INFO L290 TraceCheckUtils]: 46: Hoare triple {611#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {611#true} is VALID [2022-02-20 18:01:38,299 INFO L290 TraceCheckUtils]: 47: Hoare triple {611#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {611#true} is VALID [2022-02-20 18:01:38,299 INFO L290 TraceCheckUtils]: 48: Hoare triple {611#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {611#true} is VALID [2022-02-20 18:01:38,300 INFO L290 TraceCheckUtils]: 49: Hoare triple {611#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {611#true} is VALID [2022-02-20 18:01:38,301 INFO L272 TraceCheckUtils]: 50: Hoare triple {611#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,301 INFO L290 TraceCheckUtils]: 51: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {611#true} is VALID [2022-02-20 18:01:38,302 INFO L272 TraceCheckUtils]: 52: Hoare triple {611#true} call setClientId(~bob___0, ~bob___0); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,302 INFO L290 TraceCheckUtils]: 53: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,303 INFO L290 TraceCheckUtils]: 54: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,303 INFO L290 TraceCheckUtils]: 55: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,303 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {611#true} {611#true} #1739#return; {611#true} is VALID [2022-02-20 18:01:38,303 INFO L290 TraceCheckUtils]: 57: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,304 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {611#true} {611#true} #1761#return; {611#true} is VALID [2022-02-20 18:01:38,305 INFO L290 TraceCheckUtils]: 59: Hoare triple {611#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {611#true} is VALID [2022-02-20 18:01:38,305 INFO L290 TraceCheckUtils]: 60: Hoare triple {611#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {611#true} is VALID [2022-02-20 18:01:38,306 INFO L272 TraceCheckUtils]: 61: Hoare triple {611#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,310 INFO L290 TraceCheckUtils]: 62: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {611#true} is VALID [2022-02-20 18:01:38,311 INFO L272 TraceCheckUtils]: 63: Hoare triple {611#true} call setClientId(~rjh___0, ~rjh___0); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,311 INFO L290 TraceCheckUtils]: 64: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,311 INFO L290 TraceCheckUtils]: 65: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,311 INFO L290 TraceCheckUtils]: 66: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,312 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {611#true} {611#true} #1691#return; {611#true} is VALID [2022-02-20 18:01:38,312 INFO L290 TraceCheckUtils]: 68: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,312 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {611#true} {611#true} #1767#return; {611#true} is VALID [2022-02-20 18:01:38,312 INFO L290 TraceCheckUtils]: 70: Hoare triple {611#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {611#true} is VALID [2022-02-20 18:01:38,313 INFO L290 TraceCheckUtils]: 71: Hoare triple {611#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {611#true} is VALID [2022-02-20 18:01:38,313 INFO L272 TraceCheckUtils]: 72: Hoare triple {611#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,314 INFO L290 TraceCheckUtils]: 73: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {611#true} is VALID [2022-02-20 18:01:38,314 INFO L272 TraceCheckUtils]: 74: Hoare triple {611#true} call setClientId(~chuck___0, ~chuck___0); {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,315 INFO L290 TraceCheckUtils]: 75: Hoare triple {693#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,315 INFO L290 TraceCheckUtils]: 76: Hoare triple {611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,315 INFO L290 TraceCheckUtils]: 77: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,315 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {611#true} {611#true} #1629#return; {611#true} is VALID [2022-02-20 18:01:38,315 INFO L290 TraceCheckUtils]: 79: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,316 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {611#true} {611#true} #1773#return; {611#true} is VALID [2022-02-20 18:01:38,317 INFO L290 TraceCheckUtils]: 81: Hoare triple {611#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {611#true} is VALID [2022-02-20 18:01:38,317 INFO L290 TraceCheckUtils]: 82: Hoare triple {611#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {611#true} is VALID [2022-02-20 18:01:38,318 INFO L290 TraceCheckUtils]: 83: Hoare triple {611#true} assume false; {612#false} is VALID [2022-02-20 18:01:38,319 INFO L290 TraceCheckUtils]: 84: Hoare triple {612#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {612#false} is VALID [2022-02-20 18:01:38,319 INFO L272 TraceCheckUtils]: 85: Hoare triple {612#false} call sendEmail(~bob~0, ~rjh~0); {612#false} is VALID [2022-02-20 18:01:38,319 INFO L290 TraceCheckUtils]: 86: Hoare triple {612#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {612#false} is VALID [2022-02-20 18:01:38,320 INFO L272 TraceCheckUtils]: 87: Hoare triple {612#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {706#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:38,320 INFO L290 TraceCheckUtils]: 88: Hoare triple {706#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,320 INFO L290 TraceCheckUtils]: 89: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,320 INFO L290 TraceCheckUtils]: 90: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,321 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {611#true} {612#false} #1651#return; {612#false} is VALID [2022-02-20 18:01:38,321 INFO L272 TraceCheckUtils]: 92: Hoare triple {612#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {707#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:38,322 INFO L290 TraceCheckUtils]: 93: Hoare triple {707#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,322 INFO L290 TraceCheckUtils]: 94: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,322 INFO L290 TraceCheckUtils]: 95: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,322 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {611#true} {612#false} #1653#return; {612#false} is VALID [2022-02-20 18:01:38,322 INFO L290 TraceCheckUtils]: 97: Hoare triple {612#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {612#false} is VALID [2022-02-20 18:01:38,323 INFO L290 TraceCheckUtils]: 98: Hoare triple {612#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {612#false} is VALID [2022-02-20 18:01:38,323 INFO L272 TraceCheckUtils]: 99: Hoare triple {612#false} call outgoing(~sender#1, ~email~0#1); {612#false} is VALID [2022-02-20 18:01:38,323 INFO L290 TraceCheckUtils]: 100: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 18:01:38,323 INFO L290 TraceCheckUtils]: 101: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {612#false} is VALID [2022-02-20 18:01:38,323 INFO L272 TraceCheckUtils]: 102: Hoare triple {612#false} call outgoing__before__Sign(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 18:01:38,324 INFO L290 TraceCheckUtils]: 103: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 18:01:38,324 INFO L290 TraceCheckUtils]: 104: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {612#false} is VALID [2022-02-20 18:01:38,325 INFO L272 TraceCheckUtils]: 105: Hoare triple {612#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 18:01:38,325 INFO L290 TraceCheckUtils]: 106: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {612#false} is VALID [2022-02-20 18:01:38,326 INFO L290 TraceCheckUtils]: 107: Hoare triple {612#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {612#false} is VALID [2022-02-20 18:01:38,326 INFO L272 TraceCheckUtils]: 108: Hoare triple {612#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {612#false} is VALID [2022-02-20 18:01:38,326 INFO L290 TraceCheckUtils]: 109: Hoare triple {612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {612#false} is VALID [2022-02-20 18:01:38,326 INFO L290 TraceCheckUtils]: 110: Hoare triple {612#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {612#false} is VALID [2022-02-20 18:01:38,326 INFO L290 TraceCheckUtils]: 111: Hoare triple {612#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {612#false} is VALID [2022-02-20 18:01:38,327 INFO L272 TraceCheckUtils]: 112: Hoare triple {612#false} call setEmailFrom(~msg#1, ~tmp~17#1); {706#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:38,329 INFO L290 TraceCheckUtils]: 113: Hoare triple {706#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {611#true} is VALID [2022-02-20 18:01:38,331 INFO L290 TraceCheckUtils]: 114: Hoare triple {611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {611#true} is VALID [2022-02-20 18:01:38,331 INFO L290 TraceCheckUtils]: 115: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,331 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {611#true} {612#false} #1663#return; {612#false} is VALID [2022-02-20 18:01:38,331 INFO L290 TraceCheckUtils]: 117: Hoare triple {612#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {612#false} is VALID [2022-02-20 18:01:38,335 INFO L272 TraceCheckUtils]: 118: Hoare triple {612#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {611#true} is VALID [2022-02-20 18:01:38,335 INFO L290 TraceCheckUtils]: 119: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~35; {611#true} is VALID [2022-02-20 18:01:38,336 INFO L290 TraceCheckUtils]: 120: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {611#true} is VALID [2022-02-20 18:01:38,336 INFO L290 TraceCheckUtils]: 121: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,336 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {611#true} {612#false} #1665#return; {612#false} is VALID [2022-02-20 18:01:38,336 INFO L290 TraceCheckUtils]: 123: Hoare triple {612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {612#false} is VALID [2022-02-20 18:01:38,337 INFO L290 TraceCheckUtils]: 124: Hoare triple {612#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {612#false} is VALID [2022-02-20 18:01:38,337 INFO L272 TraceCheckUtils]: 125: Hoare triple {612#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {611#true} is VALID [2022-02-20 18:01:38,337 INFO L290 TraceCheckUtils]: 126: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~32; {611#true} is VALID [2022-02-20 18:01:38,337 INFO L290 TraceCheckUtils]: 127: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {611#true} is VALID [2022-02-20 18:01:38,337 INFO L290 TraceCheckUtils]: 128: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,338 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {611#true} {612#false} #1667#return; {612#false} is VALID [2022-02-20 18:01:38,338 INFO L290 TraceCheckUtils]: 130: Hoare triple {612#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {612#false} is VALID [2022-02-20 18:01:38,338 INFO L290 TraceCheckUtils]: 131: Hoare triple {612#false} assume 1 == ~sent_encrypted~0; {612#false} is VALID [2022-02-20 18:01:38,338 INFO L272 TraceCheckUtils]: 132: Hoare triple {612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {611#true} is VALID [2022-02-20 18:01:38,338 INFO L290 TraceCheckUtils]: 133: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~19; {611#true} is VALID [2022-02-20 18:01:38,339 INFO L290 TraceCheckUtils]: 134: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {611#true} is VALID [2022-02-20 18:01:38,339 INFO L290 TraceCheckUtils]: 135: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,339 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {611#true} {612#false} #1669#return; {612#false} is VALID [2022-02-20 18:01:38,339 INFO L290 TraceCheckUtils]: 137: Hoare triple {612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {612#false} is VALID [2022-02-20 18:01:38,341 INFO L272 TraceCheckUtils]: 138: Hoare triple {612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {611#true} is VALID [2022-02-20 18:01:38,342 INFO L290 TraceCheckUtils]: 139: Hoare triple {611#true} ~handle := #in~handle;havoc ~retValue_acc~36; {611#true} is VALID [2022-02-20 18:01:38,342 INFO L290 TraceCheckUtils]: 140: Hoare triple {611#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {611#true} is VALID [2022-02-20 18:01:38,342 INFO L290 TraceCheckUtils]: 141: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,342 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {611#true} {612#false} #1671#return; {612#false} is VALID [2022-02-20 18:01:38,342 INFO L290 TraceCheckUtils]: 143: Hoare triple {612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {612#false} is VALID [2022-02-20 18:01:38,343 INFO L272 TraceCheckUtils]: 144: Hoare triple {612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {611#true} is VALID [2022-02-20 18:01:38,343 INFO L290 TraceCheckUtils]: 145: Hoare triple {611#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {611#true} is VALID [2022-02-20 18:01:38,343 INFO L290 TraceCheckUtils]: 146: Hoare triple {611#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {611#true} is VALID [2022-02-20 18:01:38,343 INFO L290 TraceCheckUtils]: 147: Hoare triple {611#true} assume true; {611#true} is VALID [2022-02-20 18:01:38,343 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {611#true} {612#false} #1673#return; {612#false} is VALID [2022-02-20 18:01:38,344 INFO L290 TraceCheckUtils]: 149: Hoare triple {612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {612#false} is VALID [2022-02-20 18:01:38,344 INFO L290 TraceCheckUtils]: 150: Hoare triple {612#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {612#false} is VALID [2022-02-20 18:01:38,348 INFO L290 TraceCheckUtils]: 151: Hoare triple {612#false} assume !false; {612#false} is VALID [2022-02-20 18:01:38,349 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:01:38,349 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:38,350 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1719611435] [2022-02-20 18:01:38,350 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1719611435] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:38,351 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:38,351 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:01:38,352 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1058738822] [2022-02-20 18:01:38,355 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:38,359 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 152 [2022-02-20 18:01:38,361 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:38,365 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:38,486 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 129 edges. 129 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:38,487 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:01:38,487 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:38,507 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:01:38,508 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:01:38,513 INFO L87 Difference]: Start difference. First operand has 608 states, 451 states have (on average 1.5121951219512195) internal successors, (682), 471 states have internal predecessors, (682), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (112), 111 states have call predecessors, (112), 112 states have call successors, (112) Second operand has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:43,002 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:43,002 INFO L93 Difference]: Finished difference Result 1093 states and 1648 transitions. [2022-02-20 18:01:43,003 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:01:43,003 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 152 [2022-02-20 18:01:43,004 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:43,005 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:43,048 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1648 transitions. [2022-02-20 18:01:43,049 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:43,087 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1648 transitions. [2022-02-20 18:01:43,087 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1648 transitions. [2022-02-20 18:01:44,482 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1648 edges. 1648 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:44,542 INFO L225 Difference]: With dead ends: 1093 [2022-02-20 18:01:44,543 INFO L226 Difference]: Without dead ends: 747 [2022-02-20 18:01:44,547 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 54 GetRequests, 47 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:44,549 INFO L933 BasicCegarLoop]: 934 mSDtfsCounter, 1354 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 528 mSolverCounterSat, 643 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1362 SdHoareTripleChecker+Valid, 1648 SdHoareTripleChecker+Invalid, 1171 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 643 IncrementalHoareTripleChecker+Valid, 528 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:44,550 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1362 Valid, 1648 Invalid, 1171 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [643 Valid, 528 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-02-20 18:01:44,562 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 747 states. [2022-02-20 18:01:44,613 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 747 to 601. [2022-02-20 18:01:44,613 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:44,616 INFO L82 GeneralOperation]: Start isEquivalent. First operand 747 states. Second operand has 601 states, 445 states have (on average 1.5078651685393258) internal successors, (671), 464 states have internal predecessors, (671), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 18:01:44,619 INFO L74 IsIncluded]: Start isIncluded. First operand 747 states. Second operand has 601 states, 445 states have (on average 1.5078651685393258) internal successors, (671), 464 states have internal predecessors, (671), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 18:01:44,620 INFO L87 Difference]: Start difference. First operand 747 states. Second operand has 601 states, 445 states have (on average 1.5078651685393258) internal successors, (671), 464 states have internal predecessors, (671), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 18:01:44,656 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:44,656 INFO L93 Difference]: Finished difference Result 747 states and 1140 transitions. [2022-02-20 18:01:44,657 INFO L276 IsEmpty]: Start isEmpty. Operand 747 states and 1140 transitions. [2022-02-20 18:01:44,662 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:44,663 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:44,665 INFO L74 IsIncluded]: Start isIncluded. First operand has 601 states, 445 states have (on average 1.5078651685393258) internal successors, (671), 464 states have internal predecessors, (671), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) Second operand 747 states. [2022-02-20 18:01:44,666 INFO L87 Difference]: Start difference. First operand has 601 states, 445 states have (on average 1.5078651685393258) internal successors, (671), 464 states have internal predecessors, (671), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) Second operand 747 states. [2022-02-20 18:01:44,699 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:44,700 INFO L93 Difference]: Finished difference Result 747 states and 1140 transitions. [2022-02-20 18:01:44,700 INFO L276 IsEmpty]: Start isEmpty. Operand 747 states and 1140 transitions. [2022-02-20 18:01:44,705 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:44,705 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:44,705 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:44,705 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:44,707 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 601 states, 445 states have (on average 1.5078651685393258) internal successors, (671), 464 states have internal predecessors, (671), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 18:01:44,745 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 601 states to 601 states and 894 transitions. [2022-02-20 18:01:44,747 INFO L78 Accepts]: Start accepts. Automaton has 601 states and 894 transitions. Word has length 152 [2022-02-20 18:01:44,748 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:44,749 INFO L470 AbstractCegarLoop]: Abstraction has 601 states and 894 transitions. [2022-02-20 18:01:44,749 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 16.0) internal successors, (80), 2 states have internal predecessors, (80), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:44,750 INFO L276 IsEmpty]: Start isEmpty. Operand 601 states and 894 transitions. [2022-02-20 18:01:44,758 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 154 [2022-02-20 18:01:44,758 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:44,759 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:44,759 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:01:44,760 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:44,760 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:44,760 INFO L85 PathProgramCache]: Analyzing trace with hash 1403721134, now seen corresponding path program 1 times [2022-02-20 18:01:44,760 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:44,761 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [613399316] [2022-02-20 18:01:44,761 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:44,761 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:44,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,890 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:01:44,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,895 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:44,896 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,896 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4581#true} {4581#true} #1741#return; {4581#true} is VALID [2022-02-20 18:01:44,896 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:01:44,898 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,901 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:44,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,901 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4581#true} {4581#true} #1743#return; {4581#true} is VALID [2022-02-20 18:01:44,901 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:01:44,903 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,905 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:44,906 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,906 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4581#true} {4581#true} #1745#return; {4581#true} is VALID [2022-02-20 18:01:44,906 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:44,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:44,922 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,922 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4581#true} {4581#true} #1747#return; {4581#true} is VALID [2022-02-20 18:01:44,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:01:44,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,929 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:44,930 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,930 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4581#true} {4581#true} #1749#return; {4581#true} is VALID [2022-02-20 18:01:44,930 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:01:44,932 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:44,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,935 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4581#true} {4581#true} #1751#return; {4581#true} is VALID [2022-02-20 18:01:44,935 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:01:44,937 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,940 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:44,940 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,940 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4581#true} {4581#true} #1753#return; {4581#true} is VALID [2022-02-20 18:01:44,940 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:44,942 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,944 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:44,945 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,945 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4581#true} {4581#true} #1755#return; {4581#true} is VALID [2022-02-20 18:01:44,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:01:44,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,956 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:44,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:44,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:44,960 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,960 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4581#true} #1739#return; {4581#true} is VALID [2022-02-20 18:01:44,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4581#true} is VALID [2022-02-20 18:01:44,961 INFO L272 TraceCheckUtils]: 1: Hoare triple {4581#true} call setClientId(~bob___0, ~bob___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:44,961 INFO L290 TraceCheckUtils]: 2: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:44,961 INFO L290 TraceCheckUtils]: 3: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:44,961 INFO L290 TraceCheckUtils]: 4: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,961 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4581#true} {4581#true} #1739#return; {4581#true} is VALID [2022-02-20 18:01:44,962 INFO L290 TraceCheckUtils]: 6: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,962 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4581#true} {4582#false} #1761#return; {4582#false} is VALID [2022-02-20 18:01:44,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:01:44,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,966 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:44,967 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:44,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:44,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,970 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4581#true} #1691#return; {4581#true} is VALID [2022-02-20 18:01:44,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4581#true} is VALID [2022-02-20 18:01:44,970 INFO L272 TraceCheckUtils]: 1: Hoare triple {4581#true} call setClientId(~rjh___0, ~rjh___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:44,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:44,971 INFO L290 TraceCheckUtils]: 3: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:44,971 INFO L290 TraceCheckUtils]: 4: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,971 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4581#true} {4581#true} #1691#return; {4581#true} is VALID [2022-02-20 18:01:44,971 INFO L290 TraceCheckUtils]: 6: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,971 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4581#true} {4582#false} #1767#return; {4582#false} is VALID [2022-02-20 18:01:44,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:01:44,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:44,977 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:44,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:44,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,980 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4581#true} #1629#return; {4581#true} is VALID [2022-02-20 18:01:44,980 INFO L290 TraceCheckUtils]: 0: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4581#true} is VALID [2022-02-20 18:01:44,980 INFO L272 TraceCheckUtils]: 1: Hoare triple {4581#true} call setClientId(~chuck___0, ~chuck___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:44,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:44,981 INFO L290 TraceCheckUtils]: 3: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:44,981 INFO L290 TraceCheckUtils]: 4: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,981 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4581#true} {4581#true} #1629#return; {4581#true} is VALID [2022-02-20 18:01:44,981 INFO L290 TraceCheckUtils]: 6: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,981 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4581#true} {4582#false} #1773#return; {4582#false} is VALID [2022-02-20 18:01:44,987 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:01:44,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,992 INFO L290 TraceCheckUtils]: 0: Hoare triple {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:44,992 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:44,992 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:44,993 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4582#false} #1651#return; {4582#false} is VALID [2022-02-20 18:01:44,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:01:45,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:45,007 INFO L290 TraceCheckUtils]: 0: Hoare triple {4680#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:45,008 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:45,008 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,008 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4582#false} #1653#return; {4582#false} is VALID [2022-02-20 18:01:45,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:01:45,009 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:45,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:45,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:45,012 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,012 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4582#false} #1663#return; {4582#false} is VALID [2022-02-20 18:01:45,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:01:45,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:45,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} ~handle := #in~handle;havoc ~retValue_acc~35; {4581#true} is VALID [2022-02-20 18:01:45,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {4581#true} is VALID [2022-02-20 18:01:45,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,016 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4582#false} #1665#return; {4582#false} is VALID [2022-02-20 18:01:45,016 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:01:45,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:45,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} ~handle := #in~handle;havoc ~retValue_acc~32; {4581#true} is VALID [2022-02-20 18:01:45,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {4581#true} is VALID [2022-02-20 18:01:45,020 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,020 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4582#false} #1667#return; {4582#false} is VALID [2022-02-20 18:01:45,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 18:01:45,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:45,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4581#true} is VALID [2022-02-20 18:01:45,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {4581#true} is VALID [2022-02-20 18:01:45,024 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,024 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4582#false} #1669#return; {4582#false} is VALID [2022-02-20 18:01:45,024 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2022-02-20 18:01:45,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:45,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4581#true} is VALID [2022-02-20 18:01:45,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {4581#true} is VALID [2022-02-20 18:01:45,027 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4582#false} #1671#return; {4582#false} is VALID [2022-02-20 18:01:45,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 145 [2022-02-20 18:01:45,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:45,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {4581#true} is VALID [2022-02-20 18:01:45,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {4581#true} is VALID [2022-02-20 18:01:45,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,031 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4581#true} {4582#false} #1673#return; {4582#false} is VALID [2022-02-20 18:01:45,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {4581#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4581#true} is VALID [2022-02-20 18:01:45,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {4581#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4581#true} is VALID [2022-02-20 18:01:45,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {4581#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {4581#true} is VALID [2022-02-20 18:01:45,032 INFO L272 TraceCheckUtils]: 3: Hoare triple {4581#true} call select_features_#t~ret58#1 := select_one(); {4581#true} is VALID [2022-02-20 18:01:45,032 INFO L290 TraceCheckUtils]: 4: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:45,032 INFO L290 TraceCheckUtils]: 5: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,032 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4581#true} {4581#true} #1741#return; {4581#true} is VALID [2022-02-20 18:01:45,032 INFO L290 TraceCheckUtils]: 7: Hoare triple {4581#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {4581#true} is VALID [2022-02-20 18:01:45,033 INFO L272 TraceCheckUtils]: 8: Hoare triple {4581#true} call select_features_#t~ret59#1 := select_one(); {4581#true} is VALID [2022-02-20 18:01:45,033 INFO L290 TraceCheckUtils]: 9: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:45,033 INFO L290 TraceCheckUtils]: 10: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,033 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4581#true} {4581#true} #1743#return; {4581#true} is VALID [2022-02-20 18:01:45,033 INFO L290 TraceCheckUtils]: 12: Hoare triple {4581#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {4581#true} is VALID [2022-02-20 18:01:45,033 INFO L272 TraceCheckUtils]: 13: Hoare triple {4581#true} call select_features_#t~ret60#1 := select_one(); {4581#true} is VALID [2022-02-20 18:01:45,033 INFO L290 TraceCheckUtils]: 14: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:45,034 INFO L290 TraceCheckUtils]: 15: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,034 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4581#true} {4581#true} #1745#return; {4581#true} is VALID [2022-02-20 18:01:45,034 INFO L290 TraceCheckUtils]: 17: Hoare triple {4581#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {4581#true} is VALID [2022-02-20 18:01:45,034 INFO L272 TraceCheckUtils]: 18: Hoare triple {4581#true} call select_features_#t~ret61#1 := select_one(); {4581#true} is VALID [2022-02-20 18:01:45,034 INFO L290 TraceCheckUtils]: 19: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:45,034 INFO L290 TraceCheckUtils]: 20: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,034 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4581#true} {4581#true} #1747#return; {4581#true} is VALID [2022-02-20 18:01:45,035 INFO L290 TraceCheckUtils]: 22: Hoare triple {4581#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {4581#true} is VALID [2022-02-20 18:01:45,035 INFO L272 TraceCheckUtils]: 23: Hoare triple {4581#true} call select_features_#t~ret62#1 := select_one(); {4581#true} is VALID [2022-02-20 18:01:45,035 INFO L290 TraceCheckUtils]: 24: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:45,035 INFO L290 TraceCheckUtils]: 25: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,035 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4581#true} {4581#true} #1749#return; {4581#true} is VALID [2022-02-20 18:01:45,035 INFO L290 TraceCheckUtils]: 27: Hoare triple {4581#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {4581#true} is VALID [2022-02-20 18:01:45,035 INFO L272 TraceCheckUtils]: 28: Hoare triple {4581#true} call select_features_#t~ret63#1 := select_one(); {4581#true} is VALID [2022-02-20 18:01:45,036 INFO L290 TraceCheckUtils]: 29: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:45,036 INFO L290 TraceCheckUtils]: 30: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,036 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4581#true} {4581#true} #1751#return; {4581#true} is VALID [2022-02-20 18:01:45,036 INFO L290 TraceCheckUtils]: 32: Hoare triple {4581#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {4581#true} is VALID [2022-02-20 18:01:45,036 INFO L272 TraceCheckUtils]: 33: Hoare triple {4581#true} call select_features_#t~ret64#1 := select_one(); {4581#true} is VALID [2022-02-20 18:01:45,036 INFO L290 TraceCheckUtils]: 34: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:45,036 INFO L290 TraceCheckUtils]: 35: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,037 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4581#true} {4581#true} #1753#return; {4581#true} is VALID [2022-02-20 18:01:45,037 INFO L290 TraceCheckUtils]: 37: Hoare triple {4581#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {4581#true} is VALID [2022-02-20 18:01:45,037 INFO L272 TraceCheckUtils]: 38: Hoare triple {4581#true} call select_features_#t~ret65#1 := select_one(); {4581#true} is VALID [2022-02-20 18:01:45,037 INFO L290 TraceCheckUtils]: 39: Hoare triple {4581#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {4581#true} is VALID [2022-02-20 18:01:45,037 INFO L290 TraceCheckUtils]: 40: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,037 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4581#true} {4581#true} #1755#return; {4581#true} is VALID [2022-02-20 18:01:45,037 INFO L290 TraceCheckUtils]: 42: Hoare triple {4581#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {4581#true} is VALID [2022-02-20 18:01:45,038 INFO L290 TraceCheckUtils]: 43: Hoare triple {4581#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {4581#true} is VALID [2022-02-20 18:01:45,038 INFO L290 TraceCheckUtils]: 44: Hoare triple {4581#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4581#true} is VALID [2022-02-20 18:01:45,039 INFO L290 TraceCheckUtils]: 45: Hoare triple {4581#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~9#1 := 0; {4607#(= |ULTIMATE.start_valid_product_~tmp~9#1| 0)} is VALID [2022-02-20 18:01:45,040 INFO L290 TraceCheckUtils]: 46: Hoare triple {4607#(= |ULTIMATE.start_valid_product_~tmp~9#1| 0)} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {4608#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 18:01:45,040 INFO L290 TraceCheckUtils]: 47: Hoare triple {4608#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {4609#(= |ULTIMATE.start_main_~tmp~14#1| 0)} is VALID [2022-02-20 18:01:45,044 INFO L290 TraceCheckUtils]: 48: Hoare triple {4609#(= |ULTIMATE.start_main_~tmp~14#1| 0)} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4582#false} is VALID [2022-02-20 18:01:45,044 INFO L290 TraceCheckUtils]: 49: Hoare triple {4582#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4582#false} is VALID [2022-02-20 18:01:45,045 INFO L272 TraceCheckUtils]: 50: Hoare triple {4582#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:45,045 INFO L290 TraceCheckUtils]: 51: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4581#true} is VALID [2022-02-20 18:01:45,046 INFO L272 TraceCheckUtils]: 52: Hoare triple {4581#true} call setClientId(~bob___0, ~bob___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:45,046 INFO L290 TraceCheckUtils]: 53: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:45,046 INFO L290 TraceCheckUtils]: 54: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:45,046 INFO L290 TraceCheckUtils]: 55: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,046 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4581#true} {4581#true} #1739#return; {4581#true} is VALID [2022-02-20 18:01:45,046 INFO L290 TraceCheckUtils]: 57: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,046 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4581#true} {4582#false} #1761#return; {4582#false} is VALID [2022-02-20 18:01:45,047 INFO L290 TraceCheckUtils]: 59: Hoare triple {4582#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4582#false} is VALID [2022-02-20 18:01:45,047 INFO L290 TraceCheckUtils]: 60: Hoare triple {4582#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4582#false} is VALID [2022-02-20 18:01:45,047 INFO L272 TraceCheckUtils]: 61: Hoare triple {4582#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:45,047 INFO L290 TraceCheckUtils]: 62: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4581#true} is VALID [2022-02-20 18:01:45,048 INFO L272 TraceCheckUtils]: 63: Hoare triple {4581#true} call setClientId(~rjh___0, ~rjh___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:45,048 INFO L290 TraceCheckUtils]: 64: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:45,048 INFO L290 TraceCheckUtils]: 65: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:45,048 INFO L290 TraceCheckUtils]: 66: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,048 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4581#true} {4581#true} #1691#return; {4581#true} is VALID [2022-02-20 18:01:45,048 INFO L290 TraceCheckUtils]: 68: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,048 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4581#true} {4582#false} #1767#return; {4582#false} is VALID [2022-02-20 18:01:45,049 INFO L290 TraceCheckUtils]: 70: Hoare triple {4582#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4582#false} is VALID [2022-02-20 18:01:45,049 INFO L290 TraceCheckUtils]: 71: Hoare triple {4582#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4582#false} is VALID [2022-02-20 18:01:45,049 INFO L272 TraceCheckUtils]: 72: Hoare triple {4582#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:45,049 INFO L290 TraceCheckUtils]: 73: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4581#true} is VALID [2022-02-20 18:01:45,050 INFO L272 TraceCheckUtils]: 74: Hoare triple {4581#true} call setClientId(~chuck___0, ~chuck___0); {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:45,050 INFO L290 TraceCheckUtils]: 75: Hoare triple {4666#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:45,050 INFO L290 TraceCheckUtils]: 76: Hoare triple {4581#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:45,050 INFO L290 TraceCheckUtils]: 77: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,050 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4581#true} {4581#true} #1629#return; {4581#true} is VALID [2022-02-20 18:01:45,050 INFO L290 TraceCheckUtils]: 79: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,050 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4581#true} {4582#false} #1773#return; {4582#false} is VALID [2022-02-20 18:01:45,051 INFO L290 TraceCheckUtils]: 81: Hoare triple {4582#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {4582#false} is VALID [2022-02-20 18:01:45,051 INFO L290 TraceCheckUtils]: 82: Hoare triple {4582#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4582#false} is VALID [2022-02-20 18:01:45,051 INFO L290 TraceCheckUtils]: 83: Hoare triple {4582#false} assume !false; {4582#false} is VALID [2022-02-20 18:01:45,051 INFO L290 TraceCheckUtils]: 84: Hoare triple {4582#false} assume !(test_~splverifierCounter~0#1 < 4); {4582#false} is VALID [2022-02-20 18:01:45,051 INFO L290 TraceCheckUtils]: 85: Hoare triple {4582#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {4582#false} is VALID [2022-02-20 18:01:45,051 INFO L272 TraceCheckUtils]: 86: Hoare triple {4582#false} call sendEmail(~bob~0, ~rjh~0); {4582#false} is VALID [2022-02-20 18:01:45,052 INFO L290 TraceCheckUtils]: 87: Hoare triple {4582#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4582#false} is VALID [2022-02-20 18:01:45,052 INFO L272 TraceCheckUtils]: 88: Hoare triple {4582#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:45,052 INFO L290 TraceCheckUtils]: 89: Hoare triple {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:45,052 INFO L290 TraceCheckUtils]: 90: Hoare triple {4581#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:45,052 INFO L290 TraceCheckUtils]: 91: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,052 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4581#true} {4582#false} #1651#return; {4582#false} is VALID [2022-02-20 18:01:45,052 INFO L272 TraceCheckUtils]: 93: Hoare triple {4582#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4680#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:45,053 INFO L290 TraceCheckUtils]: 94: Hoare triple {4680#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:45,053 INFO L290 TraceCheckUtils]: 95: Hoare triple {4581#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:45,053 INFO L290 TraceCheckUtils]: 96: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,053 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4581#true} {4582#false} #1653#return; {4582#false} is VALID [2022-02-20 18:01:45,053 INFO L290 TraceCheckUtils]: 98: Hoare triple {4582#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {4582#false} is VALID [2022-02-20 18:01:45,053 INFO L290 TraceCheckUtils]: 99: Hoare triple {4582#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {4582#false} is VALID [2022-02-20 18:01:45,053 INFO L272 TraceCheckUtils]: 100: Hoare triple {4582#false} call outgoing(~sender#1, ~email~0#1); {4582#false} is VALID [2022-02-20 18:01:45,054 INFO L290 TraceCheckUtils]: 101: Hoare triple {4582#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4582#false} is VALID [2022-02-20 18:01:45,054 INFO L290 TraceCheckUtils]: 102: Hoare triple {4582#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4582#false} is VALID [2022-02-20 18:01:45,054 INFO L272 TraceCheckUtils]: 103: Hoare triple {4582#false} call outgoing__before__Sign(~client#1, ~msg#1); {4582#false} is VALID [2022-02-20 18:01:45,054 INFO L290 TraceCheckUtils]: 104: Hoare triple {4582#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4582#false} is VALID [2022-02-20 18:01:45,054 INFO L290 TraceCheckUtils]: 105: Hoare triple {4582#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4582#false} is VALID [2022-02-20 18:01:45,054 INFO L272 TraceCheckUtils]: 106: Hoare triple {4582#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4582#false} is VALID [2022-02-20 18:01:45,054 INFO L290 TraceCheckUtils]: 107: Hoare triple {4582#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4582#false} is VALID [2022-02-20 18:01:45,055 INFO L290 TraceCheckUtils]: 108: Hoare triple {4582#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4582#false} is VALID [2022-02-20 18:01:45,055 INFO L272 TraceCheckUtils]: 109: Hoare triple {4582#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4582#false} is VALID [2022-02-20 18:01:45,055 INFO L290 TraceCheckUtils]: 110: Hoare triple {4582#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {4582#false} is VALID [2022-02-20 18:01:45,055 INFO L290 TraceCheckUtils]: 111: Hoare triple {4582#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {4582#false} is VALID [2022-02-20 18:01:45,055 INFO L290 TraceCheckUtils]: 112: Hoare triple {4582#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {4582#false} is VALID [2022-02-20 18:01:45,055 INFO L272 TraceCheckUtils]: 113: Hoare triple {4582#false} call setEmailFrom(~msg#1, ~tmp~17#1); {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:45,055 INFO L290 TraceCheckUtils]: 114: Hoare triple {4679#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4581#true} is VALID [2022-02-20 18:01:45,056 INFO L290 TraceCheckUtils]: 115: Hoare triple {4581#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4581#true} is VALID [2022-02-20 18:01:45,056 INFO L290 TraceCheckUtils]: 116: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,056 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4581#true} {4582#false} #1663#return; {4582#false} is VALID [2022-02-20 18:01:45,056 INFO L290 TraceCheckUtils]: 118: Hoare triple {4582#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {4582#false} is VALID [2022-02-20 18:01:45,056 INFO L272 TraceCheckUtils]: 119: Hoare triple {4582#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {4581#true} is VALID [2022-02-20 18:01:45,056 INFO L290 TraceCheckUtils]: 120: Hoare triple {4581#true} ~handle := #in~handle;havoc ~retValue_acc~35; {4581#true} is VALID [2022-02-20 18:01:45,056 INFO L290 TraceCheckUtils]: 121: Hoare triple {4581#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {4581#true} is VALID [2022-02-20 18:01:45,057 INFO L290 TraceCheckUtils]: 122: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,057 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {4581#true} {4582#false} #1665#return; {4582#false} is VALID [2022-02-20 18:01:45,057 INFO L290 TraceCheckUtils]: 124: Hoare triple {4582#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {4582#false} is VALID [2022-02-20 18:01:45,057 INFO L290 TraceCheckUtils]: 125: Hoare triple {4582#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {4582#false} is VALID [2022-02-20 18:01:45,057 INFO L272 TraceCheckUtils]: 126: Hoare triple {4582#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {4581#true} is VALID [2022-02-20 18:01:45,057 INFO L290 TraceCheckUtils]: 127: Hoare triple {4581#true} ~handle := #in~handle;havoc ~retValue_acc~32; {4581#true} is VALID [2022-02-20 18:01:45,057 INFO L290 TraceCheckUtils]: 128: Hoare triple {4581#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {4581#true} is VALID [2022-02-20 18:01:45,058 INFO L290 TraceCheckUtils]: 129: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,058 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {4581#true} {4582#false} #1667#return; {4582#false} is VALID [2022-02-20 18:01:45,058 INFO L290 TraceCheckUtils]: 131: Hoare triple {4582#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {4582#false} is VALID [2022-02-20 18:01:45,058 INFO L290 TraceCheckUtils]: 132: Hoare triple {4582#false} assume 1 == ~sent_encrypted~0; {4582#false} is VALID [2022-02-20 18:01:45,058 INFO L272 TraceCheckUtils]: 133: Hoare triple {4582#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {4581#true} is VALID [2022-02-20 18:01:45,058 INFO L290 TraceCheckUtils]: 134: Hoare triple {4581#true} ~handle := #in~handle;havoc ~retValue_acc~19; {4581#true} is VALID [2022-02-20 18:01:45,058 INFO L290 TraceCheckUtils]: 135: Hoare triple {4581#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {4581#true} is VALID [2022-02-20 18:01:45,059 INFO L290 TraceCheckUtils]: 136: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,059 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {4581#true} {4582#false} #1669#return; {4582#false} is VALID [2022-02-20 18:01:45,059 INFO L290 TraceCheckUtils]: 138: Hoare triple {4582#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {4582#false} is VALID [2022-02-20 18:01:45,059 INFO L272 TraceCheckUtils]: 139: Hoare triple {4582#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {4581#true} is VALID [2022-02-20 18:01:45,059 INFO L290 TraceCheckUtils]: 140: Hoare triple {4581#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4581#true} is VALID [2022-02-20 18:01:45,059 INFO L290 TraceCheckUtils]: 141: Hoare triple {4581#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {4581#true} is VALID [2022-02-20 18:01:45,059 INFO L290 TraceCheckUtils]: 142: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,059 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {4581#true} {4582#false} #1671#return; {4582#false} is VALID [2022-02-20 18:01:45,060 INFO L290 TraceCheckUtils]: 144: Hoare triple {4582#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {4582#false} is VALID [2022-02-20 18:01:45,060 INFO L272 TraceCheckUtils]: 145: Hoare triple {4582#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {4581#true} is VALID [2022-02-20 18:01:45,060 INFO L290 TraceCheckUtils]: 146: Hoare triple {4581#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {4581#true} is VALID [2022-02-20 18:01:45,060 INFO L290 TraceCheckUtils]: 147: Hoare triple {4581#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {4581#true} is VALID [2022-02-20 18:01:45,060 INFO L290 TraceCheckUtils]: 148: Hoare triple {4581#true} assume true; {4581#true} is VALID [2022-02-20 18:01:45,060 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {4581#true} {4582#false} #1673#return; {4582#false} is VALID [2022-02-20 18:01:45,060 INFO L290 TraceCheckUtils]: 150: Hoare triple {4582#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {4582#false} is VALID [2022-02-20 18:01:45,061 INFO L290 TraceCheckUtils]: 151: Hoare triple {4582#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {4582#false} is VALID [2022-02-20 18:01:45,061 INFO L290 TraceCheckUtils]: 152: Hoare triple {4582#false} assume !false; {4582#false} is VALID [2022-02-20 18:01:45,061 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:01:45,061 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:45,062 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [613399316] [2022-02-20 18:01:45,062 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [613399316] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:45,062 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:45,062 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:01:45,062 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [183270846] [2022-02-20 18:01:45,062 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:45,064 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 153 [2022-02-20 18:01:45,064 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:45,064 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:45,152 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 130 edges. 130 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:45,153 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:01:45,153 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:45,153 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:01:45,154 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:01:45,154 INFO L87 Difference]: Start difference. First operand 601 states and 894 transitions. Second operand has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:54,312 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:54,313 INFO L93 Difference]: Finished difference Result 1312 states and 1978 transitions. [2022-02-20 18:01:54,313 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:01:54,313 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 153 [2022-02-20 18:01:54,314 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:54,314 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:54,337 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1978 transitions. [2022-02-20 18:01:54,337 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:54,380 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1978 transitions. [2022-02-20 18:01:54,380 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1978 transitions. [2022-02-20 18:01:56,074 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1978 edges. 1978 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:56,118 INFO L225 Difference]: With dead ends: 1312 [2022-02-20 18:01:56,118 INFO L226 Difference]: Without dead ends: 747 [2022-02-20 18:01:56,124 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 59 GetRequests, 47 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:01:56,126 INFO L933 BasicCegarLoop]: 917 mSDtfsCounter, 1368 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2980 mSolverCounterSat, 653 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1374 SdHoareTripleChecker+Valid, 2391 SdHoareTripleChecker+Invalid, 3633 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 653 IncrementalHoareTripleChecker+Valid, 2980 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:56,127 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1374 Valid, 2391 Invalid, 3633 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [653 Valid, 2980 Invalid, 0 Unknown, 0 Unchecked, 4.2s Time] [2022-02-20 18:01:56,130 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 747 states. [2022-02-20 18:01:56,194 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 747 to 601. [2022-02-20 18:01:56,195 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:56,196 INFO L82 GeneralOperation]: Start isEquivalent. First operand 747 states. Second operand has 601 states, 445 states have (on average 1.4921348314606742) internal successors, (664), 464 states have internal predecessors, (664), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 18:01:56,198 INFO L74 IsIncluded]: Start isIncluded. First operand 747 states. Second operand has 601 states, 445 states have (on average 1.4921348314606742) internal successors, (664), 464 states have internal predecessors, (664), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 18:01:56,199 INFO L87 Difference]: Start difference. First operand 747 states. Second operand has 601 states, 445 states have (on average 1.4921348314606742) internal successors, (664), 464 states have internal predecessors, (664), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 18:01:56,235 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:56,235 INFO L93 Difference]: Finished difference Result 747 states and 1133 transitions. [2022-02-20 18:01:56,236 INFO L276 IsEmpty]: Start isEmpty. Operand 747 states and 1133 transitions. [2022-02-20 18:01:56,239 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:56,239 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:56,241 INFO L74 IsIncluded]: Start isIncluded. First operand has 601 states, 445 states have (on average 1.4921348314606742) internal successors, (664), 464 states have internal predecessors, (664), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) Second operand 747 states. [2022-02-20 18:01:56,242 INFO L87 Difference]: Start difference. First operand has 601 states, 445 states have (on average 1.4921348314606742) internal successors, (664), 464 states have internal predecessors, (664), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) Second operand 747 states. [2022-02-20 18:01:56,278 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:56,278 INFO L93 Difference]: Finished difference Result 747 states and 1133 transitions. [2022-02-20 18:01:56,278 INFO L276 IsEmpty]: Start isEmpty. Operand 747 states and 1133 transitions. [2022-02-20 18:01:56,281 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:56,282 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:56,282 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:56,282 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:56,284 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 601 states, 445 states have (on average 1.4921348314606742) internal successors, (664), 464 states have internal predecessors, (664), 112 states have call successors, (112), 43 states have call predecessors, (112), 43 states have return successors, (111), 110 states have call predecessors, (111), 111 states have call successors, (111) [2022-02-20 18:01:56,314 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 601 states to 601 states and 887 transitions. [2022-02-20 18:01:56,318 INFO L78 Accepts]: Start accepts. Automaton has 601 states and 887 transitions. Word has length 153 [2022-02-20 18:01:56,318 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:56,319 INFO L470 AbstractCegarLoop]: Abstraction has 601 states and 887 transitions. [2022-02-20 18:01:56,319 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:01:56,319 INFO L276 IsEmpty]: Start isEmpty. Operand 601 states and 887 transitions. [2022-02-20 18:01:56,323 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 159 [2022-02-20 18:01:56,323 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:56,324 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:56,324 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:01:56,324 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:56,325 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:56,325 INFO L85 PathProgramCache]: Analyzing trace with hash 1239383395, now seen corresponding path program 1 times [2022-02-20 18:01:56,325 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:56,325 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2016910295] [2022-02-20 18:01:56,325 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:56,326 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:56,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,441 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:01:56,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,447 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,447 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,447 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8849#true} #1741#return; {8849#true} is VALID [2022-02-20 18:01:56,447 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:01:56,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,453 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8849#true} #1743#return; {8849#true} is VALID [2022-02-20 18:01:56,453 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:01:56,456 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,459 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,461 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,463 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1745#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,463 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:56,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,472 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,472 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,473 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1747#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:01:56,477 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,486 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,486 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1749#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:01:56,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,493 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,496 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1751#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:01:56,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,506 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,506 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1753#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,506 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:56,510 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,512 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,513 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,513 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1755#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:01:56,522 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:56,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,531 INFO L290 TraceCheckUtils]: 0: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,531 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,531 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,532 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8849#true} #1739#return; {8849#true} is VALID [2022-02-20 18:01:56,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8849#true} is VALID [2022-02-20 18:01:56,533 INFO L272 TraceCheckUtils]: 1: Hoare triple {8849#true} call setClientId(~bob___0, ~bob___0); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,533 INFO L290 TraceCheckUtils]: 2: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,533 INFO L290 TraceCheckUtils]: 3: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,533 INFO L290 TraceCheckUtils]: 4: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,533 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8849#true} {8849#true} #1739#return; {8849#true} is VALID [2022-02-20 18:01:56,533 INFO L290 TraceCheckUtils]: 6: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,533 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8849#true} {8850#false} #1761#return; {8850#false} is VALID [2022-02-20 18:01:56,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:01:56,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,541 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:56,542 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,544 INFO L290 TraceCheckUtils]: 0: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,544 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,545 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,545 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8849#true} #1691#return; {8849#true} is VALID [2022-02-20 18:01:56,545 INFO L290 TraceCheckUtils]: 0: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8849#true} is VALID [2022-02-20 18:01:56,546 INFO L272 TraceCheckUtils]: 1: Hoare triple {8849#true} call setClientId(~rjh___0, ~rjh___0); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,546 INFO L290 TraceCheckUtils]: 2: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,546 INFO L290 TraceCheckUtils]: 3: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,546 INFO L290 TraceCheckUtils]: 4: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,546 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8849#true} {8849#true} #1691#return; {8849#true} is VALID [2022-02-20 18:01:56,547 INFO L290 TraceCheckUtils]: 6: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,547 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8849#true} {8850#false} #1767#return; {8850#false} is VALID [2022-02-20 18:01:56,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:01:56,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:01:56,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,556 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,556 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8849#true} #1629#return; {8849#true} is VALID [2022-02-20 18:01:56,556 INFO L290 TraceCheckUtils]: 0: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8849#true} is VALID [2022-02-20 18:01:56,557 INFO L272 TraceCheckUtils]: 1: Hoare triple {8849#true} call setClientId(~chuck___0, ~chuck___0); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,557 INFO L290 TraceCheckUtils]: 2: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,557 INFO L290 TraceCheckUtils]: 3: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,557 INFO L290 TraceCheckUtils]: 4: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,557 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8849#true} {8849#true} #1629#return; {8849#true} is VALID [2022-02-20 18:01:56,557 INFO L290 TraceCheckUtils]: 6: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,558 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8849#true} {8850#false} #1773#return; {8850#false} is VALID [2022-02-20 18:01:56,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:01:56,563 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,567 INFO L290 TraceCheckUtils]: 0: Hoare triple {8945#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,567 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,568 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,568 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1651#return; {8850#false} is VALID [2022-02-20 18:01:56,573 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:01:56,574 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {8946#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,577 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,577 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,577 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1653#return; {8850#false} is VALID [2022-02-20 18:01:56,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:01:56,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,582 INFO L290 TraceCheckUtils]: 0: Hoare triple {8945#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,582 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,583 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,583 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1663#return; {8850#false} is VALID [2022-02-20 18:01:56,583 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:01:56,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8849#true} is VALID [2022-02-20 18:01:56,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {8849#true} is VALID [2022-02-20 18:01:56,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,598 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1665#return; {8850#false} is VALID [2022-02-20 18:01:56,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 18:01:56,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,602 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~32; {8849#true} is VALID [2022-02-20 18:01:56,602 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8849#true} is VALID [2022-02-20 18:01:56,602 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,602 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1667#return; {8850#false} is VALID [2022-02-20 18:01:56,603 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 18:01:56,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~19; {8849#true} is VALID [2022-02-20 18:01:56,606 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {8849#true} is VALID [2022-02-20 18:01:56,606 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,606 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1669#return; {8850#false} is VALID [2022-02-20 18:01:56,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 18:01:56,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,609 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8849#true} is VALID [2022-02-20 18:01:56,609 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {8849#true} is VALID [2022-02-20 18:01:56,610 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,610 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1671#return; {8850#false} is VALID [2022-02-20 18:01:56,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 18:01:56,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,613 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {8849#true} is VALID [2022-02-20 18:01:56,613 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {8849#true} is VALID [2022-02-20 18:01:56,613 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,613 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8849#true} {8850#false} #1673#return; {8850#false} is VALID [2022-02-20 18:01:56,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {8849#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {8849#true} is VALID [2022-02-20 18:01:56,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {8849#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8849#true} is VALID [2022-02-20 18:01:56,614 INFO L290 TraceCheckUtils]: 2: Hoare triple {8849#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {8849#true} is VALID [2022-02-20 18:01:56,614 INFO L272 TraceCheckUtils]: 3: Hoare triple {8849#true} call select_features_#t~ret58#1 := select_one(); {8849#true} is VALID [2022-02-20 18:01:56,614 INFO L290 TraceCheckUtils]: 4: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,615 INFO L290 TraceCheckUtils]: 5: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,615 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8849#true} {8849#true} #1741#return; {8849#true} is VALID [2022-02-20 18:01:56,615 INFO L290 TraceCheckUtils]: 7: Hoare triple {8849#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {8849#true} is VALID [2022-02-20 18:01:56,615 INFO L272 TraceCheckUtils]: 8: Hoare triple {8849#true} call select_features_#t~ret59#1 := select_one(); {8849#true} is VALID [2022-02-20 18:01:56,615 INFO L290 TraceCheckUtils]: 9: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,615 INFO L290 TraceCheckUtils]: 10: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,616 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8849#true} {8849#true} #1743#return; {8849#true} is VALID [2022-02-20 18:01:56,616 INFO L290 TraceCheckUtils]: 12: Hoare triple {8849#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,616 INFO L272 TraceCheckUtils]: 13: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret60#1 := select_one(); {8849#true} is VALID [2022-02-20 18:01:56,616 INFO L290 TraceCheckUtils]: 14: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,616 INFO L290 TraceCheckUtils]: 15: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,617 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1745#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,617 INFO L290 TraceCheckUtils]: 17: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,617 INFO L272 TraceCheckUtils]: 18: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret61#1 := select_one(); {8849#true} is VALID [2022-02-20 18:01:56,618 INFO L290 TraceCheckUtils]: 19: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,618 INFO L290 TraceCheckUtils]: 20: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,618 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1747#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,619 INFO L290 TraceCheckUtils]: 22: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,619 INFO L272 TraceCheckUtils]: 23: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret62#1 := select_one(); {8849#true} is VALID [2022-02-20 18:01:56,619 INFO L290 TraceCheckUtils]: 24: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,619 INFO L290 TraceCheckUtils]: 25: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,620 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1749#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,620 INFO L290 TraceCheckUtils]: 27: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,620 INFO L272 TraceCheckUtils]: 28: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret63#1 := select_one(); {8849#true} is VALID [2022-02-20 18:01:56,620 INFO L290 TraceCheckUtils]: 29: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,620 INFO L290 TraceCheckUtils]: 30: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,621 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1751#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,621 INFO L290 TraceCheckUtils]: 32: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,621 INFO L272 TraceCheckUtils]: 33: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret64#1 := select_one(); {8849#true} is VALID [2022-02-20 18:01:56,622 INFO L290 TraceCheckUtils]: 34: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,622 INFO L290 TraceCheckUtils]: 35: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,622 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1753#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,623 INFO L290 TraceCheckUtils]: 37: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,623 INFO L272 TraceCheckUtils]: 38: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret65#1 := select_one(); {8849#true} is VALID [2022-02-20 18:01:56,623 INFO L290 TraceCheckUtils]: 39: Hoare triple {8849#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {8849#true} is VALID [2022-02-20 18:01:56,623 INFO L290 TraceCheckUtils]: 40: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,624 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8849#true} {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1755#return; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,624 INFO L290 TraceCheckUtils]: 42: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,624 INFO L290 TraceCheckUtils]: 43: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:01:56,625 INFO L290 TraceCheckUtils]: 44: Hoare triple {8857#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8850#false} is VALID [2022-02-20 18:01:56,625 INFO L290 TraceCheckUtils]: 45: Hoare triple {8850#false} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8850#false} is VALID [2022-02-20 18:01:56,625 INFO L290 TraceCheckUtils]: 46: Hoare triple {8850#false} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8850#false} is VALID [2022-02-20 18:01:56,625 INFO L290 TraceCheckUtils]: 47: Hoare triple {8850#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8850#false} is VALID [2022-02-20 18:01:56,625 INFO L290 TraceCheckUtils]: 48: Hoare triple {8850#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8850#false} is VALID [2022-02-20 18:01:56,626 INFO L290 TraceCheckUtils]: 49: Hoare triple {8850#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8850#false} is VALID [2022-02-20 18:01:56,626 INFO L290 TraceCheckUtils]: 50: Hoare triple {8850#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {8850#false} is VALID [2022-02-20 18:01:56,626 INFO L290 TraceCheckUtils]: 51: Hoare triple {8850#false} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {8850#false} is VALID [2022-02-20 18:01:56,626 INFO L290 TraceCheckUtils]: 52: Hoare triple {8850#false} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {8850#false} is VALID [2022-02-20 18:01:56,626 INFO L290 TraceCheckUtils]: 53: Hoare triple {8850#false} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8850#false} is VALID [2022-02-20 18:01:56,626 INFO L290 TraceCheckUtils]: 54: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8850#false} is VALID [2022-02-20 18:01:56,627 INFO L272 TraceCheckUtils]: 55: Hoare triple {8850#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,627 INFO L290 TraceCheckUtils]: 56: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8849#true} is VALID [2022-02-20 18:01:56,627 INFO L272 TraceCheckUtils]: 57: Hoare triple {8849#true} call setClientId(~bob___0, ~bob___0); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,628 INFO L290 TraceCheckUtils]: 58: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,628 INFO L290 TraceCheckUtils]: 59: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,628 INFO L290 TraceCheckUtils]: 60: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,629 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8849#true} {8849#true} #1739#return; {8849#true} is VALID [2022-02-20 18:01:56,629 INFO L290 TraceCheckUtils]: 62: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,629 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8849#true} {8850#false} #1761#return; {8850#false} is VALID [2022-02-20 18:01:56,632 INFO L290 TraceCheckUtils]: 64: Hoare triple {8850#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8850#false} is VALID [2022-02-20 18:01:56,632 INFO L290 TraceCheckUtils]: 65: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8850#false} is VALID [2022-02-20 18:01:56,633 INFO L272 TraceCheckUtils]: 66: Hoare triple {8850#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,633 INFO L290 TraceCheckUtils]: 67: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8849#true} is VALID [2022-02-20 18:01:56,633 INFO L272 TraceCheckUtils]: 68: Hoare triple {8849#true} call setClientId(~rjh___0, ~rjh___0); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,634 INFO L290 TraceCheckUtils]: 69: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,634 INFO L290 TraceCheckUtils]: 70: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,634 INFO L290 TraceCheckUtils]: 71: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,634 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8849#true} {8849#true} #1691#return; {8849#true} is VALID [2022-02-20 18:01:56,634 INFO L290 TraceCheckUtils]: 73: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,634 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8849#true} {8850#false} #1767#return; {8850#false} is VALID [2022-02-20 18:01:56,635 INFO L290 TraceCheckUtils]: 75: Hoare triple {8850#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8850#false} is VALID [2022-02-20 18:01:56,635 INFO L290 TraceCheckUtils]: 76: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8850#false} is VALID [2022-02-20 18:01:56,635 INFO L272 TraceCheckUtils]: 77: Hoare triple {8850#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,635 INFO L290 TraceCheckUtils]: 78: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8849#true} is VALID [2022-02-20 18:01:56,636 INFO L272 TraceCheckUtils]: 79: Hoare triple {8849#true} call setClientId(~chuck___0, ~chuck___0); {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,636 INFO L290 TraceCheckUtils]: 80: Hoare triple {8932#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,636 INFO L290 TraceCheckUtils]: 81: Hoare triple {8849#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,636 INFO L290 TraceCheckUtils]: 82: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,636 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8849#true} {8849#true} #1629#return; {8849#true} is VALID [2022-02-20 18:01:56,637 INFO L290 TraceCheckUtils]: 84: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,637 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8849#true} {8850#false} #1773#return; {8850#false} is VALID [2022-02-20 18:01:56,637 INFO L290 TraceCheckUtils]: 86: Hoare triple {8850#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {8850#false} is VALID [2022-02-20 18:01:56,637 INFO L290 TraceCheckUtils]: 87: Hoare triple {8850#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8850#false} is VALID [2022-02-20 18:01:56,637 INFO L290 TraceCheckUtils]: 88: Hoare triple {8850#false} assume !false; {8850#false} is VALID [2022-02-20 18:01:56,637 INFO L290 TraceCheckUtils]: 89: Hoare triple {8850#false} assume !(test_~splverifierCounter~0#1 < 4); {8850#false} is VALID [2022-02-20 18:01:56,638 INFO L290 TraceCheckUtils]: 90: Hoare triple {8850#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {8850#false} is VALID [2022-02-20 18:01:56,638 INFO L272 TraceCheckUtils]: 91: Hoare triple {8850#false} call sendEmail(~bob~0, ~rjh~0); {8850#false} is VALID [2022-02-20 18:01:56,638 INFO L290 TraceCheckUtils]: 92: Hoare triple {8850#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8850#false} is VALID [2022-02-20 18:01:56,638 INFO L272 TraceCheckUtils]: 93: Hoare triple {8850#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8945#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:56,638 INFO L290 TraceCheckUtils]: 94: Hoare triple {8945#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,638 INFO L290 TraceCheckUtils]: 95: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,639 INFO L290 TraceCheckUtils]: 96: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,639 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8849#true} {8850#false} #1651#return; {8850#false} is VALID [2022-02-20 18:01:56,639 INFO L272 TraceCheckUtils]: 98: Hoare triple {8850#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8946#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:56,639 INFO L290 TraceCheckUtils]: 99: Hoare triple {8946#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,639 INFO L290 TraceCheckUtils]: 100: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,639 INFO L290 TraceCheckUtils]: 101: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,640 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8849#true} {8850#false} #1653#return; {8850#false} is VALID [2022-02-20 18:01:56,640 INFO L290 TraceCheckUtils]: 103: Hoare triple {8850#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {8850#false} is VALID [2022-02-20 18:01:56,640 INFO L290 TraceCheckUtils]: 104: Hoare triple {8850#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {8850#false} is VALID [2022-02-20 18:01:56,640 INFO L272 TraceCheckUtils]: 105: Hoare triple {8850#false} call outgoing(~sender#1, ~email~0#1); {8850#false} is VALID [2022-02-20 18:01:56,640 INFO L290 TraceCheckUtils]: 106: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8850#false} is VALID [2022-02-20 18:01:56,640 INFO L290 TraceCheckUtils]: 107: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8850#false} is VALID [2022-02-20 18:01:56,640 INFO L272 TraceCheckUtils]: 108: Hoare triple {8850#false} call outgoing__before__Sign(~client#1, ~msg#1); {8850#false} is VALID [2022-02-20 18:01:56,641 INFO L290 TraceCheckUtils]: 109: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8850#false} is VALID [2022-02-20 18:01:56,641 INFO L290 TraceCheckUtils]: 110: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8850#false} is VALID [2022-02-20 18:01:56,641 INFO L272 TraceCheckUtils]: 111: Hoare triple {8850#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8850#false} is VALID [2022-02-20 18:01:56,641 INFO L290 TraceCheckUtils]: 112: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8850#false} is VALID [2022-02-20 18:01:56,641 INFO L290 TraceCheckUtils]: 113: Hoare triple {8850#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8850#false} is VALID [2022-02-20 18:01:56,641 INFO L272 TraceCheckUtils]: 114: Hoare triple {8850#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8850#false} is VALID [2022-02-20 18:01:56,642 INFO L290 TraceCheckUtils]: 115: Hoare triple {8850#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {8850#false} is VALID [2022-02-20 18:01:56,642 INFO L290 TraceCheckUtils]: 116: Hoare triple {8850#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {8850#false} is VALID [2022-02-20 18:01:56,657 INFO L290 TraceCheckUtils]: 117: Hoare triple {8850#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {8850#false} is VALID [2022-02-20 18:01:56,658 INFO L272 TraceCheckUtils]: 118: Hoare triple {8850#false} call setEmailFrom(~msg#1, ~tmp~17#1); {8945#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:56,658 INFO L290 TraceCheckUtils]: 119: Hoare triple {8945#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8849#true} is VALID [2022-02-20 18:01:56,658 INFO L290 TraceCheckUtils]: 120: Hoare triple {8849#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8849#true} is VALID [2022-02-20 18:01:56,658 INFO L290 TraceCheckUtils]: 121: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,658 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8849#true} {8850#false} #1663#return; {8850#false} is VALID [2022-02-20 18:01:56,659 INFO L290 TraceCheckUtils]: 123: Hoare triple {8850#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {8850#false} is VALID [2022-02-20 18:01:56,659 INFO L272 TraceCheckUtils]: 124: Hoare triple {8850#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {8849#true} is VALID [2022-02-20 18:01:56,659 INFO L290 TraceCheckUtils]: 125: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8849#true} is VALID [2022-02-20 18:01:56,659 INFO L290 TraceCheckUtils]: 126: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {8849#true} is VALID [2022-02-20 18:01:56,659 INFO L290 TraceCheckUtils]: 127: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,659 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {8849#true} {8850#false} #1665#return; {8850#false} is VALID [2022-02-20 18:01:56,660 INFO L290 TraceCheckUtils]: 129: Hoare triple {8850#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {8850#false} is VALID [2022-02-20 18:01:56,660 INFO L290 TraceCheckUtils]: 130: Hoare triple {8850#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {8850#false} is VALID [2022-02-20 18:01:56,660 INFO L272 TraceCheckUtils]: 131: Hoare triple {8850#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {8849#true} is VALID [2022-02-20 18:01:56,660 INFO L290 TraceCheckUtils]: 132: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~32; {8849#true} is VALID [2022-02-20 18:01:56,660 INFO L290 TraceCheckUtils]: 133: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8849#true} is VALID [2022-02-20 18:01:56,660 INFO L290 TraceCheckUtils]: 134: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,661 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {8849#true} {8850#false} #1667#return; {8850#false} is VALID [2022-02-20 18:01:56,661 INFO L290 TraceCheckUtils]: 136: Hoare triple {8850#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {8850#false} is VALID [2022-02-20 18:01:56,661 INFO L290 TraceCheckUtils]: 137: Hoare triple {8850#false} assume 1 == ~sent_encrypted~0; {8850#false} is VALID [2022-02-20 18:01:56,662 INFO L272 TraceCheckUtils]: 138: Hoare triple {8850#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {8849#true} is VALID [2022-02-20 18:01:56,662 INFO L290 TraceCheckUtils]: 139: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~19; {8849#true} is VALID [2022-02-20 18:01:56,662 INFO L290 TraceCheckUtils]: 140: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {8849#true} is VALID [2022-02-20 18:01:56,662 INFO L290 TraceCheckUtils]: 141: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,663 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {8849#true} {8850#false} #1669#return; {8850#false} is VALID [2022-02-20 18:01:56,663 INFO L290 TraceCheckUtils]: 143: Hoare triple {8850#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {8850#false} is VALID [2022-02-20 18:01:56,663 INFO L272 TraceCheckUtils]: 144: Hoare triple {8850#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {8849#true} is VALID [2022-02-20 18:01:56,675 INFO L290 TraceCheckUtils]: 145: Hoare triple {8849#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8849#true} is VALID [2022-02-20 18:01:56,676 INFO L290 TraceCheckUtils]: 146: Hoare triple {8849#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {8849#true} is VALID [2022-02-20 18:01:56,676 INFO L290 TraceCheckUtils]: 147: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,676 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {8849#true} {8850#false} #1671#return; {8850#false} is VALID [2022-02-20 18:01:56,676 INFO L290 TraceCheckUtils]: 149: Hoare triple {8850#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {8850#false} is VALID [2022-02-20 18:01:56,676 INFO L272 TraceCheckUtils]: 150: Hoare triple {8850#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {8849#true} is VALID [2022-02-20 18:01:56,676 INFO L290 TraceCheckUtils]: 151: Hoare triple {8849#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {8849#true} is VALID [2022-02-20 18:01:56,677 INFO L290 TraceCheckUtils]: 152: Hoare triple {8849#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {8849#true} is VALID [2022-02-20 18:01:56,677 INFO L290 TraceCheckUtils]: 153: Hoare triple {8849#true} assume true; {8849#true} is VALID [2022-02-20 18:01:56,677 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {8849#true} {8850#false} #1673#return; {8850#false} is VALID [2022-02-20 18:01:56,677 INFO L290 TraceCheckUtils]: 155: Hoare triple {8850#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {8850#false} is VALID [2022-02-20 18:01:56,677 INFO L290 TraceCheckUtils]: 156: Hoare triple {8850#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {8850#false} is VALID [2022-02-20 18:01:56,677 INFO L290 TraceCheckUtils]: 157: Hoare triple {8850#false} assume !false; {8850#false} is VALID [2022-02-20 18:01:56,678 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:01:56,678 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:56,678 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2016910295] [2022-02-20 18:01:56,679 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2016910295] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:56,679 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:56,679 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:01:56,679 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [504035254] [2022-02-20 18:01:56,679 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:56,680 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 3 states have call predecessors, (22), 3 states have call successors, (22) Word has length 158 [2022-02-20 18:01:56,680 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:56,681 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 3 states have call predecessors, (22), 3 states have call successors, (22) [2022-02-20 18:01:56,790 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 135 edges. 135 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:56,790 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:01:56,790 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:56,791 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:01:56,791 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:01:56,792 INFO L87 Difference]: Start difference. First operand 601 states and 887 transitions. Second operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 3 states have call predecessors, (22), 3 states have call successors, (22) [2022-02-20 18:02:02,098 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:02,099 INFO L93 Difference]: Finished difference Result 1322 states and 2010 transitions. [2022-02-20 18:02:02,099 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:02:02,100 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 3 states have call predecessors, (22), 3 states have call successors, (22) Word has length 158 [2022-02-20 18:02:02,101 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:02,101 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 3 states have call predecessors, (22), 3 states have call successors, (22) [2022-02-20 18:02:02,150 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 2010 transitions. [2022-02-20 18:02:02,151 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 3 states have call predecessors, (22), 3 states have call successors, (22) [2022-02-20 18:02:02,173 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 2010 transitions. [2022-02-20 18:02:02,173 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 2010 transitions. [2022-02-20 18:02:03,414 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 2010 edges. 2010 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:03,443 INFO L225 Difference]: With dead ends: 1322 [2022-02-20 18:02:03,443 INFO L226 Difference]: Without dead ends: 746 [2022-02-20 18:02:03,458 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 47 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:03,459 INFO L933 BasicCegarLoop]: 881 mSDtfsCounter, 2065 mSDsluCounter, 662 mSDsCounter, 0 mSdLazyCounter, 510 mSolverCounterSat, 884 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2092 SdHoareTripleChecker+Valid, 1543 SdHoareTripleChecker+Invalid, 1394 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 884 IncrementalHoareTripleChecker+Valid, 510 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:03,459 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2092 Valid, 1543 Invalid, 1394 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [884 Valid, 510 Invalid, 0 Unknown, 0 Unchecked, 2.0s Time] [2022-02-20 18:02:03,460 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 746 states. [2022-02-20 18:02:03,476 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 746 to 600. [2022-02-20 18:02:03,477 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:03,478 INFO L82 GeneralOperation]: Start isEquivalent. First operand 746 states. Second operand has 600 states, 446 states have (on average 1.4798206278026906) internal successors, (660), 463 states have internal predecessors, (660), 109 states have call successors, (109), 44 states have call predecessors, (109), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:02:03,479 INFO L74 IsIncluded]: Start isIncluded. First operand 746 states. Second operand has 600 states, 446 states have (on average 1.4798206278026906) internal successors, (660), 463 states have internal predecessors, (660), 109 states have call successors, (109), 44 states have call predecessors, (109), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:02:03,480 INFO L87 Difference]: Start difference. First operand 746 states. Second operand has 600 states, 446 states have (on average 1.4798206278026906) internal successors, (660), 463 states have internal predecessors, (660), 109 states have call successors, (109), 44 states have call predecessors, (109), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:02:03,503 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:03,503 INFO L93 Difference]: Finished difference Result 746 states and 1120 transitions. [2022-02-20 18:02:03,503 INFO L276 IsEmpty]: Start isEmpty. Operand 746 states and 1120 transitions. [2022-02-20 18:02:03,505 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:03,505 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:03,506 INFO L74 IsIncluded]: Start isIncluded. First operand has 600 states, 446 states have (on average 1.4798206278026906) internal successors, (660), 463 states have internal predecessors, (660), 109 states have call successors, (109), 44 states have call predecessors, (109), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 746 states. [2022-02-20 18:02:03,507 INFO L87 Difference]: Start difference. First operand has 600 states, 446 states have (on average 1.4798206278026906) internal successors, (660), 463 states have internal predecessors, (660), 109 states have call successors, (109), 44 states have call predecessors, (109), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 746 states. [2022-02-20 18:02:03,530 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:03,530 INFO L93 Difference]: Finished difference Result 746 states and 1120 transitions. [2022-02-20 18:02:03,530 INFO L276 IsEmpty]: Start isEmpty. Operand 746 states and 1120 transitions. [2022-02-20 18:02:03,532 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:03,532 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:03,532 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:03,532 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:03,533 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 600 states, 446 states have (on average 1.4798206278026906) internal successors, (660), 463 states have internal predecessors, (660), 109 states have call successors, (109), 44 states have call predecessors, (109), 44 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:02:03,554 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 600 states to 600 states and 877 transitions. [2022-02-20 18:02:03,554 INFO L78 Accepts]: Start accepts. Automaton has 600 states and 877 transitions. Word has length 158 [2022-02-20 18:02:03,554 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:03,554 INFO L470 AbstractCegarLoop]: Abstraction has 600 states and 877 transitions. [2022-02-20 18:02:03,555 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.333333333333334) internal successors, (86), 3 states have internal predecessors, (86), 3 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (22), 3 states have call predecessors, (22), 3 states have call successors, (22) [2022-02-20 18:02:03,555 INFO L276 IsEmpty]: Start isEmpty. Operand 600 states and 877 transitions. [2022-02-20 18:02:03,557 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 182 [2022-02-20 18:02:03,557 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:03,557 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:03,557 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:02:03,557 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:03,558 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:03,558 INFO L85 PathProgramCache]: Analyzing trace with hash 281364851, now seen corresponding path program 1 times [2022-02-20 18:02:03,558 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:03,558 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [862357295] [2022-02-20 18:02:03,558 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:03,558 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:03,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:02:03,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,627 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13124#true} {13124#true} #1741#return; {13124#true} is VALID [2022-02-20 18:02:03,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:02:03,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,631 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,631 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13124#true} {13124#true} #1743#return; {13124#true} is VALID [2022-02-20 18:02:03,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:02:03,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,634 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,634 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,634 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13124#true} {13124#true} #1745#return; {13124#true} is VALID [2022-02-20 18:02:03,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:03,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,640 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,641 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13124#true} {13124#true} #1747#return; {13124#true} is VALID [2022-02-20 18:02:03,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:02:03,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,644 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13124#true} {13124#true} #1749#return; {13124#true} is VALID [2022-02-20 18:02:03,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:02:03,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,647 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13124#true} {13124#true} #1751#return; {13124#true} is VALID [2022-02-20 18:02:03,647 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:02:03,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,651 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,651 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,651 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13124#true} {13124#true} #1753#return; {13124#true} is VALID [2022-02-20 18:02:03,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:03,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,654 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,654 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,655 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13124#true} {13124#true} #1755#return; {13124#true} is VALID [2022-02-20 18:02:03,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:02:03,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:03,661 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,663 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13124#true} #1739#return; {13124#true} is VALID [2022-02-20 18:02:03,663 INFO L290 TraceCheckUtils]: 0: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {13124#true} is VALID [2022-02-20 18:02:03,664 INFO L272 TraceCheckUtils]: 1: Hoare triple {13124#true} call setClientId(~bob___0, ~bob___0); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,664 INFO L290 TraceCheckUtils]: 2: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,664 INFO L290 TraceCheckUtils]: 3: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,664 INFO L290 TraceCheckUtils]: 4: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,664 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13124#true} {13124#true} #1739#return; {13124#true} is VALID [2022-02-20 18:02:03,664 INFO L290 TraceCheckUtils]: 6: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,664 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13124#true} {13125#false} #1761#return; {13125#false} is VALID [2022-02-20 18:02:03,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:02:03,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,669 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:03,669 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,672 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13124#true} #1691#return; {13124#true} is VALID [2022-02-20 18:02:03,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {13124#true} is VALID [2022-02-20 18:02:03,673 INFO L272 TraceCheckUtils]: 1: Hoare triple {13124#true} call setClientId(~rjh___0, ~rjh___0); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,673 INFO L290 TraceCheckUtils]: 3: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,673 INFO L290 TraceCheckUtils]: 4: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,673 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13124#true} {13124#true} #1691#return; {13124#true} is VALID [2022-02-20 18:02:03,673 INFO L290 TraceCheckUtils]: 6: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,673 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13124#true} {13125#false} #1767#return; {13125#false} is VALID [2022-02-20 18:02:03,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:02:03,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,678 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:03,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,688 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13124#true} #1629#return; {13124#true} is VALID [2022-02-20 18:02:03,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {13124#true} is VALID [2022-02-20 18:02:03,689 INFO L272 TraceCheckUtils]: 1: Hoare triple {13124#true} call setClientId(~chuck___0, ~chuck___0); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,689 INFO L290 TraceCheckUtils]: 3: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,689 INFO L290 TraceCheckUtils]: 4: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,689 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {13124#true} {13124#true} #1629#return; {13124#true} is VALID [2022-02-20 18:02:03,689 INFO L290 TraceCheckUtils]: 6: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,689 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {13124#true} {13125#false} #1773#return; {13125#false} is VALID [2022-02-20 18:02:03,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:02:03,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {13233#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,698 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,698 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1651#return; {13125#false} is VALID [2022-02-20 18:02:03,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:02:03,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {13234#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,705 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1653#return; {13125#false} is VALID [2022-02-20 18:02:03,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:02:03,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~13; {13124#true} is VALID [2022-02-20 18:02:03,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {13124#true} is VALID [2022-02-20 18:02:03,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,710 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1631#return; {13125#false} is VALID [2022-02-20 18:02:03,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:02:03,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~32; {13124#true} is VALID [2022-02-20 18:02:03,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {13124#true} is VALID [2022-02-20 18:02:03,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,714 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1617#return; {13125#false} is VALID [2022-02-20 18:02:03,714 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:02:03,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {13124#true} is VALID [2022-02-20 18:02:03,718 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle; {13124#true} is VALID [2022-02-20 18:02:03,718 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {13124#true} is VALID [2022-02-20 18:02:03,718 INFO L290 TraceCheckUtils]: 3: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,718 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13124#true} {13125#false} #1619#return; {13125#false} is VALID [2022-02-20 18:02:03,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 18:02:03,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,722 INFO L290 TraceCheckUtils]: 0: Hoare triple {13233#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,722 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1663#return; {13125#false} is VALID [2022-02-20 18:02:03,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-02-20 18:02:03,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~35; {13124#true} is VALID [2022-02-20 18:02:03,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {13124#true} is VALID [2022-02-20 18:02:03,724 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,725 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1665#return; {13125#false} is VALID [2022-02-20 18:02:03,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 154 [2022-02-20 18:02:03,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,726 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~32; {13124#true} is VALID [2022-02-20 18:02:03,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {13124#true} is VALID [2022-02-20 18:02:03,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,727 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1667#return; {13125#false} is VALID [2022-02-20 18:02:03,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 161 [2022-02-20 18:02:03,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13124#true} is VALID [2022-02-20 18:02:03,729 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {13124#true} is VALID [2022-02-20 18:02:03,729 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,729 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1669#return; {13125#false} is VALID [2022-02-20 18:02:03,729 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 167 [2022-02-20 18:02:03,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13124#true} is VALID [2022-02-20 18:02:03,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {13124#true} is VALID [2022-02-20 18:02:03,731 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,731 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1671#return; {13125#false} is VALID [2022-02-20 18:02:03,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 173 [2022-02-20 18:02:03,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {13124#true} is VALID [2022-02-20 18:02:03,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {13124#true} is VALID [2022-02-20 18:02:03,735 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,735 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13124#true} {13125#false} #1673#return; {13125#false} is VALID [2022-02-20 18:02:03,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {13124#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {13124#true} is VALID [2022-02-20 18:02:03,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {13124#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {13124#true} is VALID [2022-02-20 18:02:03,735 INFO L290 TraceCheckUtils]: 2: Hoare triple {13124#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {13124#true} is VALID [2022-02-20 18:02:03,735 INFO L272 TraceCheckUtils]: 3: Hoare triple {13124#true} call select_features_#t~ret58#1 := select_one(); {13124#true} is VALID [2022-02-20 18:02:03,736 INFO L290 TraceCheckUtils]: 4: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,736 INFO L290 TraceCheckUtils]: 5: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,736 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {13124#true} {13124#true} #1741#return; {13124#true} is VALID [2022-02-20 18:02:03,736 INFO L290 TraceCheckUtils]: 7: Hoare triple {13124#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {13124#true} is VALID [2022-02-20 18:02:03,736 INFO L272 TraceCheckUtils]: 8: Hoare triple {13124#true} call select_features_#t~ret59#1 := select_one(); {13124#true} is VALID [2022-02-20 18:02:03,736 INFO L290 TraceCheckUtils]: 9: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,736 INFO L290 TraceCheckUtils]: 10: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,736 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {13124#true} {13124#true} #1743#return; {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L290 TraceCheckUtils]: 12: Hoare triple {13124#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L272 TraceCheckUtils]: 13: Hoare triple {13124#true} call select_features_#t~ret60#1 := select_one(); {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L290 TraceCheckUtils]: 14: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L290 TraceCheckUtils]: 15: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13124#true} {13124#true} #1745#return; {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L290 TraceCheckUtils]: 17: Hoare triple {13124#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L272 TraceCheckUtils]: 18: Hoare triple {13124#true} call select_features_#t~ret61#1 := select_one(); {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L290 TraceCheckUtils]: 19: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,737 INFO L290 TraceCheckUtils]: 20: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,738 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {13124#true} {13124#true} #1747#return; {13124#true} is VALID [2022-02-20 18:02:03,738 INFO L290 TraceCheckUtils]: 22: Hoare triple {13124#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {13124#true} is VALID [2022-02-20 18:02:03,738 INFO L272 TraceCheckUtils]: 23: Hoare triple {13124#true} call select_features_#t~ret62#1 := select_one(); {13124#true} is VALID [2022-02-20 18:02:03,738 INFO L290 TraceCheckUtils]: 24: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,738 INFO L290 TraceCheckUtils]: 25: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,738 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {13124#true} {13124#true} #1749#return; {13124#true} is VALID [2022-02-20 18:02:03,738 INFO L290 TraceCheckUtils]: 27: Hoare triple {13124#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {13124#true} is VALID [2022-02-20 18:02:03,738 INFO L272 TraceCheckUtils]: 28: Hoare triple {13124#true} call select_features_#t~ret63#1 := select_one(); {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L290 TraceCheckUtils]: 29: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L290 TraceCheckUtils]: 30: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {13124#true} {13124#true} #1751#return; {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L290 TraceCheckUtils]: 32: Hoare triple {13124#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L272 TraceCheckUtils]: 33: Hoare triple {13124#true} call select_features_#t~ret64#1 := select_one(); {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L290 TraceCheckUtils]: 34: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L290 TraceCheckUtils]: 35: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13124#true} {13124#true} #1753#return; {13124#true} is VALID [2022-02-20 18:02:03,739 INFO L290 TraceCheckUtils]: 37: Hoare triple {13124#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {13124#true} is VALID [2022-02-20 18:02:03,740 INFO L272 TraceCheckUtils]: 38: Hoare triple {13124#true} call select_features_#t~ret65#1 := select_one(); {13124#true} is VALID [2022-02-20 18:02:03,740 INFO L290 TraceCheckUtils]: 39: Hoare triple {13124#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {13124#true} is VALID [2022-02-20 18:02:03,740 INFO L290 TraceCheckUtils]: 40: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,740 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {13124#true} {13124#true} #1755#return; {13124#true} is VALID [2022-02-20 18:02:03,740 INFO L290 TraceCheckUtils]: 42: Hoare triple {13124#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {13124#true} is VALID [2022-02-20 18:02:03,740 INFO L290 TraceCheckUtils]: 43: Hoare triple {13124#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {13124#true} is VALID [2022-02-20 18:02:03,740 INFO L290 TraceCheckUtils]: 44: Hoare triple {13124#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {13124#true} is VALID [2022-02-20 18:02:03,741 INFO L290 TraceCheckUtils]: 45: Hoare triple {13124#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {13150#(not (= ~__SELECTED_FEATURE_Decrypt~0 0))} is VALID [2022-02-20 18:02:03,741 INFO L290 TraceCheckUtils]: 46: Hoare triple {13150#(not (= ~__SELECTED_FEATURE_Decrypt~0 0))} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {13125#false} is VALID [2022-02-20 18:02:03,741 INFO L290 TraceCheckUtils]: 47: Hoare triple {13125#false} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {13125#false} is VALID [2022-02-20 18:02:03,741 INFO L290 TraceCheckUtils]: 48: Hoare triple {13125#false} assume 0 != ~__SELECTED_FEATURE_Keys~0; {13125#false} is VALID [2022-02-20 18:02:03,741 INFO L290 TraceCheckUtils]: 49: Hoare triple {13125#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {13125#false} is VALID [2022-02-20 18:02:03,741 INFO L290 TraceCheckUtils]: 50: Hoare triple {13125#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {13125#false} is VALID [2022-02-20 18:02:03,742 INFO L290 TraceCheckUtils]: 51: Hoare triple {13125#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {13125#false} is VALID [2022-02-20 18:02:03,742 INFO L290 TraceCheckUtils]: 52: Hoare triple {13125#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {13125#false} is VALID [2022-02-20 18:02:03,742 INFO L290 TraceCheckUtils]: 53: Hoare triple {13125#false} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {13125#false} is VALID [2022-02-20 18:02:03,742 INFO L290 TraceCheckUtils]: 54: Hoare triple {13125#false} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {13125#false} is VALID [2022-02-20 18:02:03,742 INFO L290 TraceCheckUtils]: 55: Hoare triple {13125#false} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {13125#false} is VALID [2022-02-20 18:02:03,742 INFO L290 TraceCheckUtils]: 56: Hoare triple {13125#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13125#false} is VALID [2022-02-20 18:02:03,742 INFO L272 TraceCheckUtils]: 57: Hoare triple {13125#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,742 INFO L290 TraceCheckUtils]: 58: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {13124#true} is VALID [2022-02-20 18:02:03,743 INFO L272 TraceCheckUtils]: 59: Hoare triple {13124#true} call setClientId(~bob___0, ~bob___0); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,743 INFO L290 TraceCheckUtils]: 60: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,743 INFO L290 TraceCheckUtils]: 61: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,743 INFO L290 TraceCheckUtils]: 62: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,743 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {13124#true} {13124#true} #1739#return; {13124#true} is VALID [2022-02-20 18:02:03,744 INFO L290 TraceCheckUtils]: 64: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,744 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {13124#true} {13125#false} #1761#return; {13125#false} is VALID [2022-02-20 18:02:03,744 INFO L290 TraceCheckUtils]: 66: Hoare triple {13125#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {13125#false} is VALID [2022-02-20 18:02:03,744 INFO L290 TraceCheckUtils]: 67: Hoare triple {13125#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13125#false} is VALID [2022-02-20 18:02:03,744 INFO L272 TraceCheckUtils]: 68: Hoare triple {13125#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,744 INFO L290 TraceCheckUtils]: 69: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {13124#true} is VALID [2022-02-20 18:02:03,745 INFO L272 TraceCheckUtils]: 70: Hoare triple {13124#true} call setClientId(~rjh___0, ~rjh___0); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,745 INFO L290 TraceCheckUtils]: 71: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,745 INFO L290 TraceCheckUtils]: 72: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,745 INFO L290 TraceCheckUtils]: 73: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,745 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {13124#true} {13124#true} #1691#return; {13124#true} is VALID [2022-02-20 18:02:03,745 INFO L290 TraceCheckUtils]: 75: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,745 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {13124#true} {13125#false} #1767#return; {13125#false} is VALID [2022-02-20 18:02:03,746 INFO L290 TraceCheckUtils]: 77: Hoare triple {13125#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {13125#false} is VALID [2022-02-20 18:02:03,746 INFO L290 TraceCheckUtils]: 78: Hoare triple {13125#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {13125#false} is VALID [2022-02-20 18:02:03,746 INFO L272 TraceCheckUtils]: 79: Hoare triple {13125#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,746 INFO L290 TraceCheckUtils]: 80: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {13124#true} is VALID [2022-02-20 18:02:03,746 INFO L272 TraceCheckUtils]: 81: Hoare triple {13124#true} call setClientId(~chuck___0, ~chuck___0); {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,747 INFO L290 TraceCheckUtils]: 82: Hoare triple {13220#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,747 INFO L290 TraceCheckUtils]: 83: Hoare triple {13124#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,747 INFO L290 TraceCheckUtils]: 84: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,747 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {13124#true} {13124#true} #1629#return; {13124#true} is VALID [2022-02-20 18:02:03,747 INFO L290 TraceCheckUtils]: 86: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,747 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {13124#true} {13125#false} #1773#return; {13125#false} is VALID [2022-02-20 18:02:03,747 INFO L290 TraceCheckUtils]: 88: Hoare triple {13125#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {13125#false} is VALID [2022-02-20 18:02:03,747 INFO L290 TraceCheckUtils]: 89: Hoare triple {13125#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13125#false} is VALID [2022-02-20 18:02:03,748 INFO L290 TraceCheckUtils]: 90: Hoare triple {13125#false} assume !false; {13125#false} is VALID [2022-02-20 18:02:03,748 INFO L290 TraceCheckUtils]: 91: Hoare triple {13125#false} assume !(test_~splverifierCounter~0#1 < 4); {13125#false} is VALID [2022-02-20 18:02:03,748 INFO L290 TraceCheckUtils]: 92: Hoare triple {13125#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {13125#false} is VALID [2022-02-20 18:02:03,748 INFO L272 TraceCheckUtils]: 93: Hoare triple {13125#false} call sendEmail(~bob~0, ~rjh~0); {13125#false} is VALID [2022-02-20 18:02:03,748 INFO L290 TraceCheckUtils]: 94: Hoare triple {13125#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13125#false} is VALID [2022-02-20 18:02:03,748 INFO L272 TraceCheckUtils]: 95: Hoare triple {13125#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13233#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:03,748 INFO L290 TraceCheckUtils]: 96: Hoare triple {13233#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,748 INFO L290 TraceCheckUtils]: 97: Hoare triple {13124#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,748 INFO L290 TraceCheckUtils]: 98: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,749 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {13124#true} {13125#false} #1651#return; {13125#false} is VALID [2022-02-20 18:02:03,749 INFO L272 TraceCheckUtils]: 100: Hoare triple {13125#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13234#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:03,749 INFO L290 TraceCheckUtils]: 101: Hoare triple {13234#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,749 INFO L290 TraceCheckUtils]: 102: Hoare triple {13124#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,749 INFO L290 TraceCheckUtils]: 103: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,749 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {13124#true} {13125#false} #1653#return; {13125#false} is VALID [2022-02-20 18:02:03,749 INFO L290 TraceCheckUtils]: 105: Hoare triple {13125#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {13125#false} is VALID [2022-02-20 18:02:03,749 INFO L290 TraceCheckUtils]: 106: Hoare triple {13125#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {13125#false} is VALID [2022-02-20 18:02:03,750 INFO L272 TraceCheckUtils]: 107: Hoare triple {13125#false} call outgoing(~sender#1, ~email~0#1); {13125#false} is VALID [2022-02-20 18:02:03,750 INFO L290 TraceCheckUtils]: 108: Hoare triple {13125#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13125#false} is VALID [2022-02-20 18:02:03,750 INFO L290 TraceCheckUtils]: 109: Hoare triple {13125#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {13125#false} is VALID [2022-02-20 18:02:03,750 INFO L272 TraceCheckUtils]: 110: Hoare triple {13125#false} call outgoing__before__Sign(~client#1, ~msg#1); {13125#false} is VALID [2022-02-20 18:02:03,750 INFO L290 TraceCheckUtils]: 111: Hoare triple {13125#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13125#false} is VALID [2022-02-20 18:02:03,750 INFO L290 TraceCheckUtils]: 112: Hoare triple {13125#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret105#1, outgoing__role__AddressBook_#t~ret106#1, outgoing__role__AddressBook_#t~ret107#1, outgoing__role__AddressBook_#t~ret108#1, outgoing__role__AddressBook_#t~ret109#1, outgoing__role__AddressBook_#t~ret110#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~19#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~8#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~4#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~19#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~8#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~4#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {13125#false} is VALID [2022-02-20 18:02:03,750 INFO L272 TraceCheckUtils]: 113: Hoare triple {13125#false} call outgoing__role__AddressBook_#t~ret105#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {13124#true} is VALID [2022-02-20 18:02:03,750 INFO L290 TraceCheckUtils]: 114: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~13; {13124#true} is VALID [2022-02-20 18:02:03,751 INFO L290 TraceCheckUtils]: 115: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {13124#true} is VALID [2022-02-20 18:02:03,751 INFO L290 TraceCheckUtils]: 116: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,751 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {13124#true} {13125#false} #1631#return; {13125#false} is VALID [2022-02-20 18:02:03,751 INFO L290 TraceCheckUtils]: 118: Hoare triple {13125#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret105#1 && outgoing__role__AddressBook_#t~ret105#1 <= 2147483647;outgoing__role__AddressBook_~tmp~19#1 := outgoing__role__AddressBook_#t~ret105#1;havoc outgoing__role__AddressBook_#t~ret105#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~19#1; {13125#false} is VALID [2022-02-20 18:02:03,751 INFO L290 TraceCheckUtils]: 119: Hoare triple {13125#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {13125#false} is VALID [2022-02-20 18:02:03,751 INFO L272 TraceCheckUtils]: 120: Hoare triple {13125#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {13125#false} is VALID [2022-02-20 18:02:03,751 INFO L290 TraceCheckUtils]: 121: Hoare triple {13125#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {13125#false} is VALID [2022-02-20 18:02:03,751 INFO L290 TraceCheckUtils]: 122: Hoare triple {13125#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {13125#false} is VALID [2022-02-20 18:02:03,752 INFO L272 TraceCheckUtils]: 123: Hoare triple {13125#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {13124#true} is VALID [2022-02-20 18:02:03,752 INFO L290 TraceCheckUtils]: 124: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~32; {13124#true} is VALID [2022-02-20 18:02:03,752 INFO L290 TraceCheckUtils]: 125: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {13124#true} is VALID [2022-02-20 18:02:03,752 INFO L290 TraceCheckUtils]: 126: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,752 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {13124#true} {13125#false} #1617#return; {13125#false} is VALID [2022-02-20 18:02:03,752 INFO L290 TraceCheckUtils]: 128: Hoare triple {13125#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {13125#false} is VALID [2022-02-20 18:02:03,752 INFO L272 TraceCheckUtils]: 129: Hoare triple {13125#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {13124#true} is VALID [2022-02-20 18:02:03,752 INFO L290 TraceCheckUtils]: 130: Hoare triple {13124#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {13124#true} is VALID [2022-02-20 18:02:03,752 INFO L290 TraceCheckUtils]: 131: Hoare triple {13124#true} assume 1 == ~handle; {13124#true} is VALID [2022-02-20 18:02:03,753 INFO L290 TraceCheckUtils]: 132: Hoare triple {13124#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {13124#true} is VALID [2022-02-20 18:02:03,753 INFO L290 TraceCheckUtils]: 133: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,753 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {13124#true} {13125#false} #1619#return; {13125#false} is VALID [2022-02-20 18:02:03,753 INFO L290 TraceCheckUtils]: 135: Hoare triple {13125#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {13125#false} is VALID [2022-02-20 18:02:03,753 INFO L290 TraceCheckUtils]: 136: Hoare triple {13125#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {13125#false} is VALID [2022-02-20 18:02:03,753 INFO L272 TraceCheckUtils]: 137: Hoare triple {13125#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {13125#false} is VALID [2022-02-20 18:02:03,753 INFO L290 TraceCheckUtils]: 138: Hoare triple {13125#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {13125#false} is VALID [2022-02-20 18:02:03,753 INFO L290 TraceCheckUtils]: 139: Hoare triple {13125#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {13125#false} is VALID [2022-02-20 18:02:03,754 INFO L290 TraceCheckUtils]: 140: Hoare triple {13125#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {13125#false} is VALID [2022-02-20 18:02:03,754 INFO L272 TraceCheckUtils]: 141: Hoare triple {13125#false} call setEmailFrom(~msg#1, ~tmp~17#1); {13233#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:03,754 INFO L290 TraceCheckUtils]: 142: Hoare triple {13233#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13124#true} is VALID [2022-02-20 18:02:03,754 INFO L290 TraceCheckUtils]: 143: Hoare triple {13124#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13124#true} is VALID [2022-02-20 18:02:03,754 INFO L290 TraceCheckUtils]: 144: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,754 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {13124#true} {13125#false} #1663#return; {13125#false} is VALID [2022-02-20 18:02:03,754 INFO L290 TraceCheckUtils]: 146: Hoare triple {13125#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {13125#false} is VALID [2022-02-20 18:02:03,754 INFO L272 TraceCheckUtils]: 147: Hoare triple {13125#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {13124#true} is VALID [2022-02-20 18:02:03,754 INFO L290 TraceCheckUtils]: 148: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~35; {13124#true} is VALID [2022-02-20 18:02:03,755 INFO L290 TraceCheckUtils]: 149: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {13124#true} is VALID [2022-02-20 18:02:03,755 INFO L290 TraceCheckUtils]: 150: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,755 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {13124#true} {13125#false} #1665#return; {13125#false} is VALID [2022-02-20 18:02:03,755 INFO L290 TraceCheckUtils]: 152: Hoare triple {13125#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {13125#false} is VALID [2022-02-20 18:02:03,755 INFO L290 TraceCheckUtils]: 153: Hoare triple {13125#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {13125#false} is VALID [2022-02-20 18:02:03,755 INFO L272 TraceCheckUtils]: 154: Hoare triple {13125#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {13124#true} is VALID [2022-02-20 18:02:03,755 INFO L290 TraceCheckUtils]: 155: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~32; {13124#true} is VALID [2022-02-20 18:02:03,755 INFO L290 TraceCheckUtils]: 156: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {13124#true} is VALID [2022-02-20 18:02:03,756 INFO L290 TraceCheckUtils]: 157: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,756 INFO L284 TraceCheckUtils]: 158: Hoare quadruple {13124#true} {13125#false} #1667#return; {13125#false} is VALID [2022-02-20 18:02:03,756 INFO L290 TraceCheckUtils]: 159: Hoare triple {13125#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {13125#false} is VALID [2022-02-20 18:02:03,756 INFO L290 TraceCheckUtils]: 160: Hoare triple {13125#false} assume 1 == ~sent_encrypted~0; {13125#false} is VALID [2022-02-20 18:02:03,756 INFO L272 TraceCheckUtils]: 161: Hoare triple {13125#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {13124#true} is VALID [2022-02-20 18:02:03,756 INFO L290 TraceCheckUtils]: 162: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~19; {13124#true} is VALID [2022-02-20 18:02:03,756 INFO L290 TraceCheckUtils]: 163: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {13124#true} is VALID [2022-02-20 18:02:03,756 INFO L290 TraceCheckUtils]: 164: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,757 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {13124#true} {13125#false} #1669#return; {13125#false} is VALID [2022-02-20 18:02:03,757 INFO L290 TraceCheckUtils]: 166: Hoare triple {13125#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {13125#false} is VALID [2022-02-20 18:02:03,757 INFO L272 TraceCheckUtils]: 167: Hoare triple {13125#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {13124#true} is VALID [2022-02-20 18:02:03,757 INFO L290 TraceCheckUtils]: 168: Hoare triple {13124#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13124#true} is VALID [2022-02-20 18:02:03,757 INFO L290 TraceCheckUtils]: 169: Hoare triple {13124#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {13124#true} is VALID [2022-02-20 18:02:03,757 INFO L290 TraceCheckUtils]: 170: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,757 INFO L284 TraceCheckUtils]: 171: Hoare quadruple {13124#true} {13125#false} #1671#return; {13125#false} is VALID [2022-02-20 18:02:03,757 INFO L290 TraceCheckUtils]: 172: Hoare triple {13125#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {13125#false} is VALID [2022-02-20 18:02:03,757 INFO L272 TraceCheckUtils]: 173: Hoare triple {13125#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {13124#true} is VALID [2022-02-20 18:02:03,758 INFO L290 TraceCheckUtils]: 174: Hoare triple {13124#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {13124#true} is VALID [2022-02-20 18:02:03,758 INFO L290 TraceCheckUtils]: 175: Hoare triple {13124#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {13124#true} is VALID [2022-02-20 18:02:03,758 INFO L290 TraceCheckUtils]: 176: Hoare triple {13124#true} assume true; {13124#true} is VALID [2022-02-20 18:02:03,758 INFO L284 TraceCheckUtils]: 177: Hoare quadruple {13124#true} {13125#false} #1673#return; {13125#false} is VALID [2022-02-20 18:02:03,758 INFO L290 TraceCheckUtils]: 178: Hoare triple {13125#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {13125#false} is VALID [2022-02-20 18:02:03,758 INFO L290 TraceCheckUtils]: 179: Hoare triple {13125#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {13125#false} is VALID [2022-02-20 18:02:03,758 INFO L290 TraceCheckUtils]: 180: Hoare triple {13125#false} assume !false; {13125#false} is VALID [2022-02-20 18:02:03,759 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 18:02:03,759 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:03,759 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [862357295] [2022-02-20 18:02:03,759 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [862357295] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:03,759 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:03,759 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:02:03,760 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1854893277] [2022-02-20 18:02:03,760 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:03,761 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 181 [2022-02-20 18:02:03,761 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:03,761 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 18:02:03,845 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 155 edges. 155 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:03,846 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:02:03,846 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:03,847 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:02:03,847 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:02:03,847 INFO L87 Difference]: Start difference. First operand 600 states and 877 transitions. Second operand has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 18:02:08,670 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:08,670 INFO L93 Difference]: Finished difference Result 1314 states and 1970 transitions. [2022-02-20 18:02:08,670 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:02:08,671 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) Word has length 181 [2022-02-20 18:02:08,671 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:08,671 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 18:02:08,692 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1968 transitions. [2022-02-20 18:02:08,692 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 18:02:08,716 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1968 transitions. [2022-02-20 18:02:08,717 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1968 transitions. [2022-02-20 18:02:10,471 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1968 edges. 1968 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:10,500 INFO L225 Difference]: With dead ends: 1314 [2022-02-20 18:02:10,500 INFO L226 Difference]: Without dead ends: 744 [2022-02-20 18:02:10,502 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 53 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:10,503 INFO L933 BasicCegarLoop]: 876 mSDtfsCounter, 2072 mSDsluCounter, 679 mSDsCounter, 0 mSdLazyCounter, 512 mSolverCounterSat, 838 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2099 SdHoareTripleChecker+Valid, 1555 SdHoareTripleChecker+Invalid, 1350 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 838 IncrementalHoareTripleChecker+Valid, 512 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:10,503 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2099 Valid, 1555 Invalid, 1350 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [838 Valid, 512 Invalid, 0 Unknown, 0 Unchecked, 1.9s Time] [2022-02-20 18:02:10,504 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 744 states. [2022-02-20 18:02:10,521 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 744 to 599. [2022-02-20 18:02:10,521 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:10,523 INFO L82 GeneralOperation]: Start isEquivalent. First operand 744 states. Second operand has 599 states, 446 states have (on average 1.4753363228699552) internal successors, (658), 462 states have internal predecessors, (658), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 18:02:10,524 INFO L74 IsIncluded]: Start isIncluded. First operand 744 states. Second operand has 599 states, 446 states have (on average 1.4753363228699552) internal successors, (658), 462 states have internal predecessors, (658), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 18:02:10,525 INFO L87 Difference]: Start difference. First operand 744 states. Second operand has 599 states, 446 states have (on average 1.4753363228699552) internal successors, (658), 462 states have internal predecessors, (658), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 18:02:10,548 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:10,549 INFO L93 Difference]: Finished difference Result 744 states and 1111 transitions. [2022-02-20 18:02:10,549 INFO L276 IsEmpty]: Start isEmpty. Operand 744 states and 1111 transitions. [2022-02-20 18:02:10,551 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:10,551 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:10,553 INFO L74 IsIncluded]: Start isIncluded. First operand has 599 states, 446 states have (on average 1.4753363228699552) internal successors, (658), 462 states have internal predecessors, (658), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) Second operand 744 states. [2022-02-20 18:02:10,554 INFO L87 Difference]: Start difference. First operand has 599 states, 446 states have (on average 1.4753363228699552) internal successors, (658), 462 states have internal predecessors, (658), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) Second operand 744 states. [2022-02-20 18:02:10,578 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:10,578 INFO L93 Difference]: Finished difference Result 744 states and 1111 transitions. [2022-02-20 18:02:10,578 INFO L276 IsEmpty]: Start isEmpty. Operand 744 states and 1111 transitions. [2022-02-20 18:02:10,580 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:10,580 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:10,581 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:10,581 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:10,582 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 599 states, 446 states have (on average 1.4753363228699552) internal successors, (658), 462 states have internal predecessors, (658), 108 states have call successors, (108), 44 states have call predecessors, (108), 44 states have return successors, (107), 106 states have call predecessors, (107), 107 states have call successors, (107) [2022-02-20 18:02:10,602 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 599 states to 599 states and 873 transitions. [2022-02-20 18:02:10,603 INFO L78 Accepts]: Start accepts. Automaton has 599 states and 873 transitions. Word has length 181 [2022-02-20 18:02:10,603 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:10,603 INFO L470 AbstractCegarLoop]: Abstraction has 599 states and 873 transitions. [2022-02-20 18:02:10,603 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 16.666666666666668) internal successors, (100), 3 states have internal predecessors, (100), 2 states have call successors, (30), 5 states have call predecessors, (30), 1 states have return successors, (25), 2 states have call predecessors, (25), 2 states have call successors, (25) [2022-02-20 18:02:10,604 INFO L276 IsEmpty]: Start isEmpty. Operand 599 states and 873 transitions. [2022-02-20 18:02:10,605 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 176 [2022-02-20 18:02:10,605 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:10,606 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:10,606 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:02:10,606 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:10,606 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:10,606 INFO L85 PathProgramCache]: Analyzing trace with hash -1133178073, now seen corresponding path program 1 times [2022-02-20 18:02:10,606 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:10,607 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [929394395] [2022-02-20 18:02:10,607 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:10,607 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:10,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,659 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:02:10,662 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,663 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,664 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,664 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17392#true} {17392#true} #1741#return; {17392#true} is VALID [2022-02-20 18:02:10,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:02:10,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,667 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17392#true} {17392#true} #1743#return; {17392#true} is VALID [2022-02-20 18:02:10,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:02:10,669 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,671 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17392#true} {17392#true} #1745#return; {17392#true} is VALID [2022-02-20 18:02:10,671 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:10,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,675 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,675 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17392#true} {17392#true} #1747#return; {17392#true} is VALID [2022-02-20 18:02:10,675 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:02:10,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,678 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,678 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17392#true} {17392#true} #1749#return; {17392#true} is VALID [2022-02-20 18:02:10,679 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:02:10,680 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,682 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,682 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17392#true} {17392#true} #1751#return; {17392#true} is VALID [2022-02-20 18:02:10,682 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:02:10,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,685 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,686 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17392#true} {17392#true} #1753#return; {17392#true} is VALID [2022-02-20 18:02:10,686 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:10,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,689 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17392#true} {17392#true} #1755#return; {17392#true} is VALID [2022-02-20 18:02:10,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:10,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:10,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,699 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17392#true} #1739#return; {17392#true} is VALID [2022-02-20 18:02:10,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17392#true} is VALID [2022-02-20 18:02:10,700 INFO L272 TraceCheckUtils]: 1: Hoare triple {17392#true} call setClientId(~bob___0, ~bob___0); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,700 INFO L290 TraceCheckUtils]: 2: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,701 INFO L290 TraceCheckUtils]: 3: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,701 INFO L290 TraceCheckUtils]: 4: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,701 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17392#true} {17392#true} #1739#return; {17392#true} is VALID [2022-02-20 18:02:10,701 INFO L290 TraceCheckUtils]: 6: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,701 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17392#true} {17393#false} #1761#return; {17393#false} is VALID [2022-02-20 18:02:10,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:02:10,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:10,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,707 INFO L290 TraceCheckUtils]: 0: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,707 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,707 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,707 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17392#true} #1691#return; {17392#true} is VALID [2022-02-20 18:02:10,707 INFO L290 TraceCheckUtils]: 0: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17392#true} is VALID [2022-02-20 18:02:10,708 INFO L272 TraceCheckUtils]: 1: Hoare triple {17392#true} call setClientId(~rjh___0, ~rjh___0); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,708 INFO L290 TraceCheckUtils]: 2: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,708 INFO L290 TraceCheckUtils]: 3: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,708 INFO L290 TraceCheckUtils]: 4: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,709 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17392#true} {17392#true} #1691#return; {17392#true} is VALID [2022-02-20 18:02:10,709 INFO L290 TraceCheckUtils]: 6: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,709 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17392#true} {17393#false} #1767#return; {17393#false} is VALID [2022-02-20 18:02:10,709 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:02:10,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,712 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:10,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,715 INFO L290 TraceCheckUtils]: 0: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,715 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,715 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,715 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17392#true} #1629#return; {17392#true} is VALID [2022-02-20 18:02:10,715 INFO L290 TraceCheckUtils]: 0: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17392#true} is VALID [2022-02-20 18:02:10,716 INFO L272 TraceCheckUtils]: 1: Hoare triple {17392#true} call setClientId(~chuck___0, ~chuck___0); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,716 INFO L290 TraceCheckUtils]: 2: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,716 INFO L290 TraceCheckUtils]: 3: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,716 INFO L290 TraceCheckUtils]: 4: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,717 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17392#true} {17392#true} #1629#return; {17392#true} is VALID [2022-02-20 18:02:10,717 INFO L290 TraceCheckUtils]: 6: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,717 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17392#true} {17393#false} #1773#return; {17393#false} is VALID [2022-02-20 18:02:10,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:10,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,726 INFO L290 TraceCheckUtils]: 0: Hoare triple {17497#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,726 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,726 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,726 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1651#return; {17393#false} is VALID [2022-02-20 18:02:10,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:10,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {17498#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,737 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,737 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1653#return; {17393#false} is VALID [2022-02-20 18:02:10,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:02:10,738 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~32; {17392#true} is VALID [2022-02-20 18:02:10,741 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {17392#true} is VALID [2022-02-20 18:02:10,741 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1617#return; {17393#false} is VALID [2022-02-20 18:02:10,741 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:02:10,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {17392#true} is VALID [2022-02-20 18:02:10,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle; {17392#true} is VALID [2022-02-20 18:02:10,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {17392#true} is VALID [2022-02-20 18:02:10,744 INFO L290 TraceCheckUtils]: 3: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,744 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17392#true} {17393#false} #1619#return; {17393#false} is VALID [2022-02-20 18:02:10,744 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:02:10,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,747 INFO L290 TraceCheckUtils]: 0: Hoare triple {17497#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,747 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,747 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,748 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1663#return; {17393#false} is VALID [2022-02-20 18:02:10,748 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 18:02:10,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,750 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~35; {17392#true} is VALID [2022-02-20 18:02:10,750 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {17392#true} is VALID [2022-02-20 18:02:10,750 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,750 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1665#return; {17393#false} is VALID [2022-02-20 18:02:10,750 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 148 [2022-02-20 18:02:10,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,754 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~32; {17392#true} is VALID [2022-02-20 18:02:10,754 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {17392#true} is VALID [2022-02-20 18:02:10,754 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,754 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1667#return; {17393#false} is VALID [2022-02-20 18:02:10,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 155 [2022-02-20 18:02:10,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~19; {17392#true} is VALID [2022-02-20 18:02:10,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {17392#true} is VALID [2022-02-20 18:02:10,757 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,757 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1669#return; {17393#false} is VALID [2022-02-20 18:02:10,757 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 161 [2022-02-20 18:02:10,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,760 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17392#true} is VALID [2022-02-20 18:02:10,760 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {17392#true} is VALID [2022-02-20 18:02:10,760 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,760 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1671#return; {17393#false} is VALID [2022-02-20 18:02:10,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 167 [2022-02-20 18:02:10,761 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {17392#true} is VALID [2022-02-20 18:02:10,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {17392#true} is VALID [2022-02-20 18:02:10,765 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,765 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17392#true} {17393#false} #1673#return; {17393#false} is VALID [2022-02-20 18:02:10,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {17392#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {17392#true} is VALID [2022-02-20 18:02:10,766 INFO L290 TraceCheckUtils]: 1: Hoare triple {17392#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {17392#true} is VALID [2022-02-20 18:02:10,766 INFO L290 TraceCheckUtils]: 2: Hoare triple {17392#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {17392#true} is VALID [2022-02-20 18:02:10,766 INFO L272 TraceCheckUtils]: 3: Hoare triple {17392#true} call select_features_#t~ret58#1 := select_one(); {17392#true} is VALID [2022-02-20 18:02:10,766 INFO L290 TraceCheckUtils]: 4: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,766 INFO L290 TraceCheckUtils]: 5: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,766 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {17392#true} {17392#true} #1741#return; {17392#true} is VALID [2022-02-20 18:02:10,767 INFO L290 TraceCheckUtils]: 7: Hoare triple {17392#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {17392#true} is VALID [2022-02-20 18:02:10,767 INFO L272 TraceCheckUtils]: 8: Hoare triple {17392#true} call select_features_#t~ret59#1 := select_one(); {17392#true} is VALID [2022-02-20 18:02:10,767 INFO L290 TraceCheckUtils]: 9: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,767 INFO L290 TraceCheckUtils]: 10: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,767 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {17392#true} {17392#true} #1743#return; {17392#true} is VALID [2022-02-20 18:02:10,767 INFO L290 TraceCheckUtils]: 12: Hoare triple {17392#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {17392#true} is VALID [2022-02-20 18:02:10,767 INFO L272 TraceCheckUtils]: 13: Hoare triple {17392#true} call select_features_#t~ret60#1 := select_one(); {17392#true} is VALID [2022-02-20 18:02:10,767 INFO L290 TraceCheckUtils]: 14: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L290 TraceCheckUtils]: 15: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17392#true} {17392#true} #1745#return; {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L290 TraceCheckUtils]: 17: Hoare triple {17392#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L272 TraceCheckUtils]: 18: Hoare triple {17392#true} call select_features_#t~ret61#1 := select_one(); {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L290 TraceCheckUtils]: 19: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L290 TraceCheckUtils]: 20: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {17392#true} {17392#true} #1747#return; {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L290 TraceCheckUtils]: 22: Hoare triple {17392#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {17392#true} is VALID [2022-02-20 18:02:10,768 INFO L272 TraceCheckUtils]: 23: Hoare triple {17392#true} call select_features_#t~ret62#1 := select_one(); {17392#true} is VALID [2022-02-20 18:02:10,769 INFO L290 TraceCheckUtils]: 24: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,769 INFO L290 TraceCheckUtils]: 25: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,769 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {17392#true} {17392#true} #1749#return; {17392#true} is VALID [2022-02-20 18:02:10,769 INFO L290 TraceCheckUtils]: 27: Hoare triple {17392#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {17392#true} is VALID [2022-02-20 18:02:10,769 INFO L272 TraceCheckUtils]: 28: Hoare triple {17392#true} call select_features_#t~ret63#1 := select_one(); {17392#true} is VALID [2022-02-20 18:02:10,769 INFO L290 TraceCheckUtils]: 29: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,769 INFO L290 TraceCheckUtils]: 30: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,769 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {17392#true} {17392#true} #1751#return; {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L290 TraceCheckUtils]: 32: Hoare triple {17392#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L272 TraceCheckUtils]: 33: Hoare triple {17392#true} call select_features_#t~ret64#1 := select_one(); {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L290 TraceCheckUtils]: 34: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L290 TraceCheckUtils]: 35: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17392#true} {17392#true} #1753#return; {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L290 TraceCheckUtils]: 37: Hoare triple {17392#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L272 TraceCheckUtils]: 38: Hoare triple {17392#true} call select_features_#t~ret65#1 := select_one(); {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L290 TraceCheckUtils]: 39: Hoare triple {17392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {17392#true} is VALID [2022-02-20 18:02:10,770 INFO L290 TraceCheckUtils]: 40: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,771 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {17392#true} {17392#true} #1755#return; {17392#true} is VALID [2022-02-20 18:02:10,771 INFO L290 TraceCheckUtils]: 42: Hoare triple {17392#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {17392#true} is VALID [2022-02-20 18:02:10,771 INFO L290 TraceCheckUtils]: 43: Hoare triple {17392#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {17392#true} is VALID [2022-02-20 18:02:10,771 INFO L290 TraceCheckUtils]: 44: Hoare triple {17392#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {17392#true} is VALID [2022-02-20 18:02:10,771 INFO L290 TraceCheckUtils]: 45: Hoare triple {17392#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {17392#true} is VALID [2022-02-20 18:02:10,771 INFO L290 TraceCheckUtils]: 46: Hoare triple {17392#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {17392#true} is VALID [2022-02-20 18:02:10,771 INFO L290 TraceCheckUtils]: 47: Hoare triple {17392#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {17392#true} is VALID [2022-02-20 18:02:10,771 INFO L290 TraceCheckUtils]: 48: Hoare triple {17392#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {17392#true} is VALID [2022-02-20 18:02:10,772 INFO L290 TraceCheckUtils]: 49: Hoare triple {17392#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:02:10,772 INFO L290 TraceCheckUtils]: 50: Hoare triple {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:02:10,772 INFO L290 TraceCheckUtils]: 51: Hoare triple {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Verify~0; {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:02:10,773 INFO L290 TraceCheckUtils]: 52: Hoare triple {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:02:10,773 INFO L290 TraceCheckUtils]: 53: Hoare triple {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:02:10,773 INFO L290 TraceCheckUtils]: 54: Hoare triple {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:02:10,774 INFO L290 TraceCheckUtils]: 55: Hoare triple {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:02:10,774 INFO L290 TraceCheckUtils]: 56: Hoare triple {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:02:10,774 INFO L290 TraceCheckUtils]: 57: Hoare triple {17418#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17393#false} is VALID [2022-02-20 18:02:10,774 INFO L272 TraceCheckUtils]: 58: Hoare triple {17393#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,774 INFO L290 TraceCheckUtils]: 59: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17392#true} is VALID [2022-02-20 18:02:10,775 INFO L272 TraceCheckUtils]: 60: Hoare triple {17392#true} call setClientId(~bob___0, ~bob___0); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,775 INFO L290 TraceCheckUtils]: 61: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,775 INFO L290 TraceCheckUtils]: 62: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,775 INFO L290 TraceCheckUtils]: 63: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,775 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {17392#true} {17392#true} #1739#return; {17392#true} is VALID [2022-02-20 18:02:10,776 INFO L290 TraceCheckUtils]: 65: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,776 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {17392#true} {17393#false} #1761#return; {17393#false} is VALID [2022-02-20 18:02:10,776 INFO L290 TraceCheckUtils]: 67: Hoare triple {17393#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {17393#false} is VALID [2022-02-20 18:02:10,776 INFO L290 TraceCheckUtils]: 68: Hoare triple {17393#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17393#false} is VALID [2022-02-20 18:02:10,776 INFO L272 TraceCheckUtils]: 69: Hoare triple {17393#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,776 INFO L290 TraceCheckUtils]: 70: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17392#true} is VALID [2022-02-20 18:02:10,777 INFO L272 TraceCheckUtils]: 71: Hoare triple {17392#true} call setClientId(~rjh___0, ~rjh___0); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,777 INFO L290 TraceCheckUtils]: 72: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,777 INFO L290 TraceCheckUtils]: 73: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,777 INFO L290 TraceCheckUtils]: 74: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,777 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {17392#true} {17392#true} #1691#return; {17392#true} is VALID [2022-02-20 18:02:10,777 INFO L290 TraceCheckUtils]: 76: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,777 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {17392#true} {17393#false} #1767#return; {17393#false} is VALID [2022-02-20 18:02:10,778 INFO L290 TraceCheckUtils]: 78: Hoare triple {17393#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {17393#false} is VALID [2022-02-20 18:02:10,778 INFO L290 TraceCheckUtils]: 79: Hoare triple {17393#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17393#false} is VALID [2022-02-20 18:02:10,778 INFO L272 TraceCheckUtils]: 80: Hoare triple {17393#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,778 INFO L290 TraceCheckUtils]: 81: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17392#true} is VALID [2022-02-20 18:02:10,779 INFO L272 TraceCheckUtils]: 82: Hoare triple {17392#true} call setClientId(~chuck___0, ~chuck___0); {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,779 INFO L290 TraceCheckUtils]: 83: Hoare triple {17484#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,779 INFO L290 TraceCheckUtils]: 84: Hoare triple {17392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,779 INFO L290 TraceCheckUtils]: 85: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,779 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {17392#true} {17392#true} #1629#return; {17392#true} is VALID [2022-02-20 18:02:10,779 INFO L290 TraceCheckUtils]: 87: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,779 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {17392#true} {17393#false} #1773#return; {17393#false} is VALID [2022-02-20 18:02:10,779 INFO L290 TraceCheckUtils]: 89: Hoare triple {17393#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {17393#false} is VALID [2022-02-20 18:02:10,779 INFO L290 TraceCheckUtils]: 90: Hoare triple {17393#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17393#false} is VALID [2022-02-20 18:02:10,780 INFO L290 TraceCheckUtils]: 91: Hoare triple {17393#false} assume !false; {17393#false} is VALID [2022-02-20 18:02:10,780 INFO L290 TraceCheckUtils]: 92: Hoare triple {17393#false} assume !(test_~splverifierCounter~0#1 < 4); {17393#false} is VALID [2022-02-20 18:02:10,780 INFO L290 TraceCheckUtils]: 93: Hoare triple {17393#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {17393#false} is VALID [2022-02-20 18:02:10,780 INFO L272 TraceCheckUtils]: 94: Hoare triple {17393#false} call sendEmail(~bob~0, ~rjh~0); {17393#false} is VALID [2022-02-20 18:02:10,780 INFO L290 TraceCheckUtils]: 95: Hoare triple {17393#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17393#false} is VALID [2022-02-20 18:02:10,780 INFO L272 TraceCheckUtils]: 96: Hoare triple {17393#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17497#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:10,780 INFO L290 TraceCheckUtils]: 97: Hoare triple {17497#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,780 INFO L290 TraceCheckUtils]: 98: Hoare triple {17392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,781 INFO L290 TraceCheckUtils]: 99: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,781 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {17392#true} {17393#false} #1651#return; {17393#false} is VALID [2022-02-20 18:02:10,781 INFO L272 TraceCheckUtils]: 101: Hoare triple {17393#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17498#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:10,781 INFO L290 TraceCheckUtils]: 102: Hoare triple {17498#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,781 INFO L290 TraceCheckUtils]: 103: Hoare triple {17392#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,781 INFO L290 TraceCheckUtils]: 104: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,781 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {17392#true} {17393#false} #1653#return; {17393#false} is VALID [2022-02-20 18:02:10,781 INFO L290 TraceCheckUtils]: 106: Hoare triple {17393#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L290 TraceCheckUtils]: 107: Hoare triple {17393#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L272 TraceCheckUtils]: 108: Hoare triple {17393#false} call outgoing(~sender#1, ~email~0#1); {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L290 TraceCheckUtils]: 109: Hoare triple {17393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L290 TraceCheckUtils]: 110: Hoare triple {17393#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L272 TraceCheckUtils]: 111: Hoare triple {17393#false} call outgoing__before__Sign(~client#1, ~msg#1); {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L290 TraceCheckUtils]: 112: Hoare triple {17393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L290 TraceCheckUtils]: 113: Hoare triple {17393#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L272 TraceCheckUtils]: 114: Hoare triple {17393#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {17393#false} is VALID [2022-02-20 18:02:10,782 INFO L290 TraceCheckUtils]: 115: Hoare triple {17393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17393#false} is VALID [2022-02-20 18:02:10,783 INFO L290 TraceCheckUtils]: 116: Hoare triple {17393#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {17393#false} is VALID [2022-02-20 18:02:10,783 INFO L272 TraceCheckUtils]: 117: Hoare triple {17393#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {17392#true} is VALID [2022-02-20 18:02:10,783 INFO L290 TraceCheckUtils]: 118: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~32; {17392#true} is VALID [2022-02-20 18:02:10,783 INFO L290 TraceCheckUtils]: 119: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {17392#true} is VALID [2022-02-20 18:02:10,783 INFO L290 TraceCheckUtils]: 120: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,783 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {17392#true} {17393#false} #1617#return; {17393#false} is VALID [2022-02-20 18:02:10,783 INFO L290 TraceCheckUtils]: 122: Hoare triple {17393#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {17393#false} is VALID [2022-02-20 18:02:10,784 INFO L272 TraceCheckUtils]: 123: Hoare triple {17393#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {17392#true} is VALID [2022-02-20 18:02:10,784 INFO L290 TraceCheckUtils]: 124: Hoare triple {17392#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {17392#true} is VALID [2022-02-20 18:02:10,784 INFO L290 TraceCheckUtils]: 125: Hoare triple {17392#true} assume 1 == ~handle; {17392#true} is VALID [2022-02-20 18:02:10,784 INFO L290 TraceCheckUtils]: 126: Hoare triple {17392#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {17392#true} is VALID [2022-02-20 18:02:10,784 INFO L290 TraceCheckUtils]: 127: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,784 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {17392#true} {17393#false} #1619#return; {17393#false} is VALID [2022-02-20 18:02:10,784 INFO L290 TraceCheckUtils]: 129: Hoare triple {17393#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {17393#false} is VALID [2022-02-20 18:02:10,784 INFO L290 TraceCheckUtils]: 130: Hoare triple {17393#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {17393#false} is VALID [2022-02-20 18:02:10,784 INFO L272 TraceCheckUtils]: 131: Hoare triple {17393#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {17393#false} is VALID [2022-02-20 18:02:10,785 INFO L290 TraceCheckUtils]: 132: Hoare triple {17393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {17393#false} is VALID [2022-02-20 18:02:10,785 INFO L290 TraceCheckUtils]: 133: Hoare triple {17393#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {17393#false} is VALID [2022-02-20 18:02:10,785 INFO L290 TraceCheckUtils]: 134: Hoare triple {17393#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {17393#false} is VALID [2022-02-20 18:02:10,785 INFO L272 TraceCheckUtils]: 135: Hoare triple {17393#false} call setEmailFrom(~msg#1, ~tmp~17#1); {17497#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:10,785 INFO L290 TraceCheckUtils]: 136: Hoare triple {17497#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17392#true} is VALID [2022-02-20 18:02:10,785 INFO L290 TraceCheckUtils]: 137: Hoare triple {17392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17392#true} is VALID [2022-02-20 18:02:10,785 INFO L290 TraceCheckUtils]: 138: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,785 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {17392#true} {17393#false} #1663#return; {17393#false} is VALID [2022-02-20 18:02:10,786 INFO L290 TraceCheckUtils]: 140: Hoare triple {17393#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {17393#false} is VALID [2022-02-20 18:02:10,786 INFO L272 TraceCheckUtils]: 141: Hoare triple {17393#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {17392#true} is VALID [2022-02-20 18:02:10,786 INFO L290 TraceCheckUtils]: 142: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~35; {17392#true} is VALID [2022-02-20 18:02:10,786 INFO L290 TraceCheckUtils]: 143: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {17392#true} is VALID [2022-02-20 18:02:10,786 INFO L290 TraceCheckUtils]: 144: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,786 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {17392#true} {17393#false} #1665#return; {17393#false} is VALID [2022-02-20 18:02:10,786 INFO L290 TraceCheckUtils]: 146: Hoare triple {17393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {17393#false} is VALID [2022-02-20 18:02:10,786 INFO L290 TraceCheckUtils]: 147: Hoare triple {17393#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {17393#false} is VALID [2022-02-20 18:02:10,787 INFO L272 TraceCheckUtils]: 148: Hoare triple {17393#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {17392#true} is VALID [2022-02-20 18:02:10,787 INFO L290 TraceCheckUtils]: 149: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~32; {17392#true} is VALID [2022-02-20 18:02:10,787 INFO L290 TraceCheckUtils]: 150: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {17392#true} is VALID [2022-02-20 18:02:10,787 INFO L290 TraceCheckUtils]: 151: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,787 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {17392#true} {17393#false} #1667#return; {17393#false} is VALID [2022-02-20 18:02:10,787 INFO L290 TraceCheckUtils]: 153: Hoare triple {17393#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {17393#false} is VALID [2022-02-20 18:02:10,787 INFO L290 TraceCheckUtils]: 154: Hoare triple {17393#false} assume 1 == ~sent_encrypted~0; {17393#false} is VALID [2022-02-20 18:02:10,787 INFO L272 TraceCheckUtils]: 155: Hoare triple {17393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {17392#true} is VALID [2022-02-20 18:02:10,788 INFO L290 TraceCheckUtils]: 156: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~19; {17392#true} is VALID [2022-02-20 18:02:10,788 INFO L290 TraceCheckUtils]: 157: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {17392#true} is VALID [2022-02-20 18:02:10,788 INFO L290 TraceCheckUtils]: 158: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,788 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {17392#true} {17393#false} #1669#return; {17393#false} is VALID [2022-02-20 18:02:10,788 INFO L290 TraceCheckUtils]: 160: Hoare triple {17393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {17393#false} is VALID [2022-02-20 18:02:10,788 INFO L272 TraceCheckUtils]: 161: Hoare triple {17393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {17392#true} is VALID [2022-02-20 18:02:10,788 INFO L290 TraceCheckUtils]: 162: Hoare triple {17392#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17392#true} is VALID [2022-02-20 18:02:10,788 INFO L290 TraceCheckUtils]: 163: Hoare triple {17392#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {17392#true} is VALID [2022-02-20 18:02:10,788 INFO L290 TraceCheckUtils]: 164: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,789 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {17392#true} {17393#false} #1671#return; {17393#false} is VALID [2022-02-20 18:02:10,789 INFO L290 TraceCheckUtils]: 166: Hoare triple {17393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {17393#false} is VALID [2022-02-20 18:02:10,789 INFO L272 TraceCheckUtils]: 167: Hoare triple {17393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {17392#true} is VALID [2022-02-20 18:02:10,789 INFO L290 TraceCheckUtils]: 168: Hoare triple {17392#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {17392#true} is VALID [2022-02-20 18:02:10,789 INFO L290 TraceCheckUtils]: 169: Hoare triple {17392#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {17392#true} is VALID [2022-02-20 18:02:10,789 INFO L290 TraceCheckUtils]: 170: Hoare triple {17392#true} assume true; {17392#true} is VALID [2022-02-20 18:02:10,789 INFO L284 TraceCheckUtils]: 171: Hoare quadruple {17392#true} {17393#false} #1673#return; {17393#false} is VALID [2022-02-20 18:02:10,789 INFO L290 TraceCheckUtils]: 172: Hoare triple {17393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {17393#false} is VALID [2022-02-20 18:02:10,790 INFO L290 TraceCheckUtils]: 173: Hoare triple {17393#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {17393#false} is VALID [2022-02-20 18:02:10,790 INFO L290 TraceCheckUtils]: 174: Hoare triple {17393#false} assume !false; {17393#false} is VALID [2022-02-20 18:02:10,790 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 18:02:10,790 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:10,790 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [929394395] [2022-02-20 18:02:10,791 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [929394395] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:10,791 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:10,791 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:02:10,791 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [952364492] [2022-02-20 18:02:10,792 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:10,793 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 16.0) internal successors, (96), 3 states have internal predecessors, (96), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 175 [2022-02-20 18:02:10,793 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:10,793 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 16.0) internal successors, (96), 3 states have internal predecessors, (96), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:02:10,899 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 149 edges. 149 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:10,900 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:02:10,900 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:10,900 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:02:10,900 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:02:10,901 INFO L87 Difference]: Start difference. First operand 599 states and 873 transitions. Second operand has 6 states, 6 states have (on average 16.0) internal successors, (96), 3 states have internal predecessors, (96), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:02:15,960 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:15,961 INFO L93 Difference]: Finished difference Result 1294 states and 1917 transitions. [2022-02-20 18:02:15,961 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:02:15,961 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 16.0) internal successors, (96), 3 states have internal predecessors, (96), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 175 [2022-02-20 18:02:15,962 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:15,962 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 16.0) internal successors, (96), 3 states have internal predecessors, (96), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:02:15,981 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1915 transitions. [2022-02-20 18:02:15,981 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 16.0) internal successors, (96), 3 states have internal predecessors, (96), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:02:15,999 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1915 transitions. [2022-02-20 18:02:15,999 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1915 transitions. [2022-02-20 18:02:17,627 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1915 edges. 1915 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:17,655 INFO L225 Difference]: With dead ends: 1294 [2022-02-20 18:02:17,656 INFO L226 Difference]: Without dead ends: 741 [2022-02-20 18:02:17,657 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 61 GetRequests, 51 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:17,659 INFO L933 BasicCegarLoop]: 854 mSDtfsCounter, 2038 mSDsluCounter, 617 mSDsCounter, 0 mSdLazyCounter, 534 mSolverCounterSat, 824 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2062 SdHoareTripleChecker+Valid, 1471 SdHoareTripleChecker+Invalid, 1358 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 824 IncrementalHoareTripleChecker+Valid, 534 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:17,660 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2062 Valid, 1471 Invalid, 1358 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [824 Valid, 534 Invalid, 0 Unknown, 0 Unchecked, 2.0s Time] [2022-02-20 18:02:17,661 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 741 states. [2022-02-20 18:02:17,682 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 741 to 596. [2022-02-20 18:02:17,682 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:17,683 INFO L82 GeneralOperation]: Start isEquivalent. First operand 741 states. Second operand has 596 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:02:17,698 INFO L74 IsIncluded]: Start isIncluded. First operand 741 states. Second operand has 596 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:02:17,701 INFO L87 Difference]: Start difference. First operand 741 states. Second operand has 596 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:02:17,726 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:17,727 INFO L93 Difference]: Finished difference Result 741 states and 1091 transitions. [2022-02-20 18:02:17,727 INFO L276 IsEmpty]: Start isEmpty. Operand 741 states and 1091 transitions. [2022-02-20 18:02:17,729 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:17,729 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:17,732 INFO L74 IsIncluded]: Start isIncluded. First operand has 596 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 741 states. [2022-02-20 18:02:17,733 INFO L87 Difference]: Start difference. First operand has 596 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 741 states. [2022-02-20 18:02:17,757 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:17,757 INFO L93 Difference]: Finished difference Result 741 states and 1091 transitions. [2022-02-20 18:02:17,758 INFO L276 IsEmpty]: Start isEmpty. Operand 741 states and 1091 transitions. [2022-02-20 18:02:17,760 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:17,760 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:17,760 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:17,760 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:17,761 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 596 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:02:17,782 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 596 states to 596 states and 856 transitions. [2022-02-20 18:02:17,783 INFO L78 Accepts]: Start accepts. Automaton has 596 states and 856 transitions. Word has length 175 [2022-02-20 18:02:17,783 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:17,783 INFO L470 AbstractCegarLoop]: Abstraction has 596 states and 856 transitions. [2022-02-20 18:02:17,784 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 16.0) internal successors, (96), 3 states have internal predecessors, (96), 2 states have call successors, (29), 5 states have call predecessors, (29), 1 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:02:17,784 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 856 transitions. [2022-02-20 18:02:17,787 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 194 [2022-02-20 18:02:17,787 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:17,787 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:17,787 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:02:17,787 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:17,788 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:17,788 INFO L85 PathProgramCache]: Analyzing trace with hash 22074693, now seen corresponding path program 1 times [2022-02-20 18:02:17,788 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:17,788 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [501177121] [2022-02-20 18:02:17,788 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:17,788 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:17,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,874 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:02:17,876 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:17,879 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,879 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21611#true} {21611#true} #1741#return; {21611#true} is VALID [2022-02-20 18:02:17,879 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:02:17,880 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,882 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:17,882 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,882 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21611#true} {21611#true} #1743#return; {21611#true} is VALID [2022-02-20 18:02:17,882 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:02:17,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,886 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:17,886 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,886 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21611#true} {21611#true} #1745#return; {21611#true} is VALID [2022-02-20 18:02:17,886 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:17,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:17,893 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,893 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21611#true} {21611#true} #1747#return; {21611#true} is VALID [2022-02-20 18:02:17,893 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:02:17,895 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:17,898 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,898 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21611#true} {21611#true} #1749#return; {21611#true} is VALID [2022-02-20 18:02:17,898 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:02:17,899 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,901 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:17,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,901 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21611#true} {21611#true} #1751#return; {21611#true} is VALID [2022-02-20 18:02:17,901 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:02:17,903 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,907 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:17,907 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,907 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21611#true} {21611#true} #1753#return; {21611#true} is VALID [2022-02-20 18:02:17,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:17,909 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:17,910 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,910 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21611#true} {21611#true} #1755#return; {21611#true} is VALID [2022-02-20 18:02:17,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:17,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,918 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:17,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:17,920 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:17,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,921 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21611#true} #1739#return; {21611#true} is VALID [2022-02-20 18:02:17,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21611#true} is VALID [2022-02-20 18:02:17,921 INFO L272 TraceCheckUtils]: 1: Hoare triple {21611#true} call setClientId(~bob___0, ~bob___0); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:17,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:17,922 INFO L290 TraceCheckUtils]: 3: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:17,922 INFO L290 TraceCheckUtils]: 4: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,922 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21611#true} {21611#true} #1739#return; {21611#true} is VALID [2022-02-20 18:02:17,922 INFO L290 TraceCheckUtils]: 6: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,923 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21611#true} {21611#true} #1757#return; {21611#true} is VALID [2022-02-20 18:02:17,929 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:02:17,930 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:17,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:17,932 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,933 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21611#true} #1759#return; {21611#true} is VALID [2022-02-20 18:02:17,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:02:17,937 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:17,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21728#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:17,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {21728#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21729#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:17,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {21729#(= |setClientId_#in~handle| 1)} assume true; {21729#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:17,969 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21729#(= |setClientId_#in~handle| 1)} {21722#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:17,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21722#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:17,970 INFO L272 TraceCheckUtils]: 1: Hoare triple {21722#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:17,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21728#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:17,971 INFO L290 TraceCheckUtils]: 3: Hoare triple {21728#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21729#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:17,971 INFO L290 TraceCheckUtils]: 4: Hoare triple {21729#(= |setClientId_#in~handle| 1)} assume true; {21729#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:17,972 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21729#(= |setClientId_#in~handle| 1)} {21722#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:17,972 INFO L290 TraceCheckUtils]: 6: Hoare triple {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:17,973 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21650#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1763#return; {21612#false} is VALID [2022-02-20 18:02:17,973 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:02:17,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,977 INFO L290 TraceCheckUtils]: 0: Hoare triple {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:17,977 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:17,977 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,977 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1765#return; {21612#false} is VALID [2022-02-20 18:02:17,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:02:17,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,980 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:17,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:17,983 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:17,983 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,983 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21611#true} #1629#return; {21611#true} is VALID [2022-02-20 18:02:17,983 INFO L290 TraceCheckUtils]: 0: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21611#true} is VALID [2022-02-20 18:02:17,984 INFO L272 TraceCheckUtils]: 1: Hoare triple {21611#true} call setClientId(~chuck___0, ~chuck___0); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:17,984 INFO L290 TraceCheckUtils]: 2: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:17,984 INFO L290 TraceCheckUtils]: 3: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:17,984 INFO L290 TraceCheckUtils]: 4: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,984 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21611#true} {21611#true} #1629#return; {21611#true} is VALID [2022-02-20 18:02:17,984 INFO L290 TraceCheckUtils]: 6: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,984 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21611#true} {21612#false} #1769#return; {21612#false} is VALID [2022-02-20 18:02:17,984 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:17,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:17,989 INFO L290 TraceCheckUtils]: 0: Hoare triple {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:17,989 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:17,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:17,989 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1771#return; {21612#false} is VALID [2022-02-20 18:02:17,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:02:17,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {21734#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,001 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1651#return; {21612#false} is VALID [2022-02-20 18:02:18,009 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:02:18,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,012 INFO L290 TraceCheckUtils]: 0: Hoare triple {21735#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,012 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,012 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,012 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1653#return; {21612#false} is VALID [2022-02-20 18:02:18,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:02:18,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~32; {21611#true} is VALID [2022-02-20 18:02:18,015 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {21611#true} is VALID [2022-02-20 18:02:18,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,015 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1617#return; {21612#false} is VALID [2022-02-20 18:02:18,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 18:02:18,016 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {21611#true} is VALID [2022-02-20 18:02:18,018 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle; {21611#true} is VALID [2022-02-20 18:02:18,018 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {21611#true} is VALID [2022-02-20 18:02:18,018 INFO L290 TraceCheckUtils]: 3: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,018 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21611#true} {21612#false} #1619#return; {21612#false} is VALID [2022-02-20 18:02:18,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 18:02:18,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {21734#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,020 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,021 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,021 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1663#return; {21612#false} is VALID [2022-02-20 18:02:18,021 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 159 [2022-02-20 18:02:18,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~35; {21611#true} is VALID [2022-02-20 18:02:18,023 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {21611#true} is VALID [2022-02-20 18:02:18,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,023 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1665#return; {21612#false} is VALID [2022-02-20 18:02:18,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 166 [2022-02-20 18:02:18,024 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,026 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~32; {21611#true} is VALID [2022-02-20 18:02:18,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {21611#true} is VALID [2022-02-20 18:02:18,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1667#return; {21612#false} is VALID [2022-02-20 18:02:18,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 173 [2022-02-20 18:02:18,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~19; {21611#true} is VALID [2022-02-20 18:02:18,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {21611#true} is VALID [2022-02-20 18:02:18,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,029 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1669#return; {21612#false} is VALID [2022-02-20 18:02:18,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 179 [2022-02-20 18:02:18,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21611#true} is VALID [2022-02-20 18:02:18,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {21611#true} is VALID [2022-02-20 18:02:18,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1671#return; {21612#false} is VALID [2022-02-20 18:02:18,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 185 [2022-02-20 18:02:18,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {21611#true} is VALID [2022-02-20 18:02:18,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {21611#true} is VALID [2022-02-20 18:02:18,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,036 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21611#true} {21612#false} #1673#return; {21612#false} is VALID [2022-02-20 18:02:18,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {21611#true} is VALID [2022-02-20 18:02:18,036 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21611#true} is VALID [2022-02-20 18:02:18,036 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {21611#true} is VALID [2022-02-20 18:02:18,036 INFO L272 TraceCheckUtils]: 3: Hoare triple {21611#true} call select_features_#t~ret58#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,036 INFO L290 TraceCheckUtils]: 4: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,036 INFO L290 TraceCheckUtils]: 5: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,036 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21611#true} {21611#true} #1741#return; {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L290 TraceCheckUtils]: 7: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L272 TraceCheckUtils]: 8: Hoare triple {21611#true} call select_features_#t~ret59#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L290 TraceCheckUtils]: 9: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L290 TraceCheckUtils]: 10: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21611#true} {21611#true} #1743#return; {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L290 TraceCheckUtils]: 12: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L272 TraceCheckUtils]: 13: Hoare triple {21611#true} call select_features_#t~ret60#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L290 TraceCheckUtils]: 14: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,037 INFO L290 TraceCheckUtils]: 15: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21611#true} {21611#true} #1745#return; {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L290 TraceCheckUtils]: 17: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L272 TraceCheckUtils]: 18: Hoare triple {21611#true} call select_features_#t~ret61#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L290 TraceCheckUtils]: 19: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L290 TraceCheckUtils]: 20: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21611#true} {21611#true} #1747#return; {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L290 TraceCheckUtils]: 22: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L272 TraceCheckUtils]: 23: Hoare triple {21611#true} call select_features_#t~ret62#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L290 TraceCheckUtils]: 24: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,038 INFO L290 TraceCheckUtils]: 25: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21611#true} {21611#true} #1749#return; {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L290 TraceCheckUtils]: 27: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L272 TraceCheckUtils]: 28: Hoare triple {21611#true} call select_features_#t~ret63#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L290 TraceCheckUtils]: 29: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L290 TraceCheckUtils]: 30: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21611#true} {21611#true} #1751#return; {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L290 TraceCheckUtils]: 32: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L272 TraceCheckUtils]: 33: Hoare triple {21611#true} call select_features_#t~ret64#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,039 INFO L290 TraceCheckUtils]: 34: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L290 TraceCheckUtils]: 35: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21611#true} {21611#true} #1753#return; {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L290 TraceCheckUtils]: 37: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L272 TraceCheckUtils]: 38: Hoare triple {21611#true} call select_features_#t~ret65#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L290 TraceCheckUtils]: 39: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L290 TraceCheckUtils]: 40: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21611#true} {21611#true} #1755#return; {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L290 TraceCheckUtils]: 42: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {21611#true} is VALID [2022-02-20 18:02:18,040 INFO L290 TraceCheckUtils]: 43: Hoare triple {21611#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 44: Hoare triple {21611#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 45: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 46: Hoare triple {21611#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 47: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 48: Hoare triple {21611#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 49: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 50: Hoare triple {21611#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 51: Hoare triple {21611#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {21611#true} is VALID [2022-02-20 18:02:18,041 INFO L290 TraceCheckUtils]: 52: Hoare triple {21611#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21611#true} is VALID [2022-02-20 18:02:18,042 INFO L290 TraceCheckUtils]: 53: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {21611#true} is VALID [2022-02-20 18:02:18,042 INFO L290 TraceCheckUtils]: 54: Hoare triple {21611#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {21611#true} is VALID [2022-02-20 18:02:18,042 INFO L290 TraceCheckUtils]: 55: Hoare triple {21611#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {21611#true} is VALID [2022-02-20 18:02:18,042 INFO L290 TraceCheckUtils]: 56: Hoare triple {21611#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21611#true} is VALID [2022-02-20 18:02:18,042 INFO L290 TraceCheckUtils]: 57: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21611#true} is VALID [2022-02-20 18:02:18,043 INFO L272 TraceCheckUtils]: 58: Hoare triple {21611#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,044 INFO L290 TraceCheckUtils]: 59: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21611#true} is VALID [2022-02-20 18:02:18,044 INFO L272 TraceCheckUtils]: 60: Hoare triple {21611#true} call setClientId(~bob___0, ~bob___0); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,044 INFO L290 TraceCheckUtils]: 61: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,044 INFO L290 TraceCheckUtils]: 62: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,045 INFO L290 TraceCheckUtils]: 63: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,045 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21611#true} {21611#true} #1739#return; {21611#true} is VALID [2022-02-20 18:02:18,045 INFO L290 TraceCheckUtils]: 65: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,045 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21611#true} {21611#true} #1757#return; {21611#true} is VALID [2022-02-20 18:02:18,045 INFO L272 TraceCheckUtils]: 67: Hoare triple {21611#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:18,046 INFO L290 TraceCheckUtils]: 68: Hoare triple {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,046 INFO L290 TraceCheckUtils]: 69: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,046 INFO L290 TraceCheckUtils]: 70: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,046 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21611#true} {21611#true} #1759#return; {21611#true} is VALID [2022-02-20 18:02:18,046 INFO L290 TraceCheckUtils]: 72: Hoare triple {21611#true} assume { :end_inline_setup_bob__role__Keys } true; {21611#true} is VALID [2022-02-20 18:02:18,046 INFO L290 TraceCheckUtils]: 73: Hoare triple {21611#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21649#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:18,047 INFO L290 TraceCheckUtils]: 74: Hoare triple {21649#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21650#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:18,047 INFO L272 TraceCheckUtils]: 75: Hoare triple {21650#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,048 INFO L290 TraceCheckUtils]: 76: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21722#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:18,048 INFO L272 TraceCheckUtils]: 77: Hoare triple {21722#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,048 INFO L290 TraceCheckUtils]: 78: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21728#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:18,049 INFO L290 TraceCheckUtils]: 79: Hoare triple {21728#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21729#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:18,049 INFO L290 TraceCheckUtils]: 80: Hoare triple {21729#(= |setClientId_#in~handle| 1)} assume true; {21729#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:18,050 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21729#(= |setClientId_#in~handle| 1)} {21722#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:18,050 INFO L290 TraceCheckUtils]: 82: Hoare triple {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:18,050 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21727#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21650#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1763#return; {21612#false} is VALID [2022-02-20 18:02:18,050 INFO L272 TraceCheckUtils]: 84: Hoare triple {21612#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:18,050 INFO L290 TraceCheckUtils]: 85: Hoare triple {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,051 INFO L290 TraceCheckUtils]: 86: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,051 INFO L290 TraceCheckUtils]: 87: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,051 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21611#true} {21612#false} #1765#return; {21612#false} is VALID [2022-02-20 18:02:18,051 INFO L290 TraceCheckUtils]: 89: Hoare triple {21612#false} assume { :end_inline_setup_rjh__role__Keys } true; {21612#false} is VALID [2022-02-20 18:02:18,051 INFO L290 TraceCheckUtils]: 90: Hoare triple {21612#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21612#false} is VALID [2022-02-20 18:02:18,051 INFO L290 TraceCheckUtils]: 91: Hoare triple {21612#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21612#false} is VALID [2022-02-20 18:02:18,051 INFO L272 TraceCheckUtils]: 92: Hoare triple {21612#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,051 INFO L290 TraceCheckUtils]: 93: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21611#true} is VALID [2022-02-20 18:02:18,052 INFO L272 TraceCheckUtils]: 94: Hoare triple {21611#true} call setClientId(~chuck___0, ~chuck___0); {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,052 INFO L290 TraceCheckUtils]: 95: Hoare triple {21716#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,052 INFO L290 TraceCheckUtils]: 96: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,052 INFO L290 TraceCheckUtils]: 97: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,052 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21611#true} {21611#true} #1629#return; {21611#true} is VALID [2022-02-20 18:02:18,052 INFO L290 TraceCheckUtils]: 99: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,053 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21611#true} {21612#false} #1769#return; {21612#false} is VALID [2022-02-20 18:02:18,053 INFO L272 TraceCheckUtils]: 101: Hoare triple {21612#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:18,053 INFO L290 TraceCheckUtils]: 102: Hoare triple {21721#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,053 INFO L290 TraceCheckUtils]: 103: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,053 INFO L290 TraceCheckUtils]: 104: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,053 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21611#true} {21612#false} #1771#return; {21612#false} is VALID [2022-02-20 18:02:18,053 INFO L290 TraceCheckUtils]: 106: Hoare triple {21612#false} assume { :end_inline_setup_chuck__role__Keys } true; {21612#false} is VALID [2022-02-20 18:02:18,053 INFO L290 TraceCheckUtils]: 107: Hoare triple {21612#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {21612#false} is VALID [2022-02-20 18:02:18,053 INFO L290 TraceCheckUtils]: 108: Hoare triple {21612#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21612#false} is VALID [2022-02-20 18:02:18,054 INFO L290 TraceCheckUtils]: 109: Hoare triple {21612#false} assume !false; {21612#false} is VALID [2022-02-20 18:02:18,054 INFO L290 TraceCheckUtils]: 110: Hoare triple {21612#false} assume !(test_~splverifierCounter~0#1 < 4); {21612#false} is VALID [2022-02-20 18:02:18,054 INFO L290 TraceCheckUtils]: 111: Hoare triple {21612#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {21612#false} is VALID [2022-02-20 18:02:18,054 INFO L272 TraceCheckUtils]: 112: Hoare triple {21612#false} call sendEmail(~bob~0, ~rjh~0); {21612#false} is VALID [2022-02-20 18:02:18,054 INFO L290 TraceCheckUtils]: 113: Hoare triple {21612#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21612#false} is VALID [2022-02-20 18:02:18,054 INFO L272 TraceCheckUtils]: 114: Hoare triple {21612#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21734#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:18,054 INFO L290 TraceCheckUtils]: 115: Hoare triple {21734#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,054 INFO L290 TraceCheckUtils]: 116: Hoare triple {21611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,055 INFO L290 TraceCheckUtils]: 117: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,055 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21611#true} {21612#false} #1651#return; {21612#false} is VALID [2022-02-20 18:02:18,055 INFO L272 TraceCheckUtils]: 119: Hoare triple {21612#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21735#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:18,055 INFO L290 TraceCheckUtils]: 120: Hoare triple {21735#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,055 INFO L290 TraceCheckUtils]: 121: Hoare triple {21611#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,055 INFO L290 TraceCheckUtils]: 122: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,055 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21611#true} {21612#false} #1653#return; {21612#false} is VALID [2022-02-20 18:02:18,055 INFO L290 TraceCheckUtils]: 124: Hoare triple {21612#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {21612#false} is VALID [2022-02-20 18:02:18,055 INFO L290 TraceCheckUtils]: 125: Hoare triple {21612#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {21612#false} is VALID [2022-02-20 18:02:18,055 INFO L272 TraceCheckUtils]: 126: Hoare triple {21612#false} call outgoing(~sender#1, ~email~0#1); {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L290 TraceCheckUtils]: 127: Hoare triple {21612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L290 TraceCheckUtils]: 128: Hoare triple {21612#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L272 TraceCheckUtils]: 129: Hoare triple {21612#false} call outgoing__before__Sign(~client#1, ~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L290 TraceCheckUtils]: 130: Hoare triple {21612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L290 TraceCheckUtils]: 131: Hoare triple {21612#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L272 TraceCheckUtils]: 132: Hoare triple {21612#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L290 TraceCheckUtils]: 133: Hoare triple {21612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L290 TraceCheckUtils]: 134: Hoare triple {21612#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {21612#false} is VALID [2022-02-20 18:02:18,056 INFO L272 TraceCheckUtils]: 135: Hoare triple {21612#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {21611#true} is VALID [2022-02-20 18:02:18,057 INFO L290 TraceCheckUtils]: 136: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~32; {21611#true} is VALID [2022-02-20 18:02:18,057 INFO L290 TraceCheckUtils]: 137: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {21611#true} is VALID [2022-02-20 18:02:18,057 INFO L290 TraceCheckUtils]: 138: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,057 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {21611#true} {21612#false} #1617#return; {21612#false} is VALID [2022-02-20 18:02:18,057 INFO L290 TraceCheckUtils]: 140: Hoare triple {21612#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {21612#false} is VALID [2022-02-20 18:02:18,057 INFO L272 TraceCheckUtils]: 141: Hoare triple {21612#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {21611#true} is VALID [2022-02-20 18:02:18,057 INFO L290 TraceCheckUtils]: 142: Hoare triple {21611#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {21611#true} is VALID [2022-02-20 18:02:18,057 INFO L290 TraceCheckUtils]: 143: Hoare triple {21611#true} assume 1 == ~handle; {21611#true} is VALID [2022-02-20 18:02:18,057 INFO L290 TraceCheckUtils]: 144: Hoare triple {21611#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {21611#true} is VALID [2022-02-20 18:02:18,057 INFO L290 TraceCheckUtils]: 145: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,058 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {21611#true} {21612#false} #1619#return; {21612#false} is VALID [2022-02-20 18:02:18,058 INFO L290 TraceCheckUtils]: 147: Hoare triple {21612#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {21612#false} is VALID [2022-02-20 18:02:18,058 INFO L290 TraceCheckUtils]: 148: Hoare triple {21612#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {21612#false} is VALID [2022-02-20 18:02:18,058 INFO L272 TraceCheckUtils]: 149: Hoare triple {21612#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,058 INFO L290 TraceCheckUtils]: 150: Hoare triple {21612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {21612#false} is VALID [2022-02-20 18:02:18,058 INFO L290 TraceCheckUtils]: 151: Hoare triple {21612#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {21612#false} is VALID [2022-02-20 18:02:18,058 INFO L290 TraceCheckUtils]: 152: Hoare triple {21612#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {21612#false} is VALID [2022-02-20 18:02:18,058 INFO L272 TraceCheckUtils]: 153: Hoare triple {21612#false} call setEmailFrom(~msg#1, ~tmp~17#1); {21734#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:18,058 INFO L290 TraceCheckUtils]: 154: Hoare triple {21734#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,059 INFO L290 TraceCheckUtils]: 155: Hoare triple {21611#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,059 INFO L290 TraceCheckUtils]: 156: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,059 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21611#true} {21612#false} #1663#return; {21612#false} is VALID [2022-02-20 18:02:18,059 INFO L290 TraceCheckUtils]: 158: Hoare triple {21612#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {21612#false} is VALID [2022-02-20 18:02:18,059 INFO L272 TraceCheckUtils]: 159: Hoare triple {21612#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {21611#true} is VALID [2022-02-20 18:02:18,059 INFO L290 TraceCheckUtils]: 160: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~35; {21611#true} is VALID [2022-02-20 18:02:18,059 INFO L290 TraceCheckUtils]: 161: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {21611#true} is VALID [2022-02-20 18:02:18,059 INFO L290 TraceCheckUtils]: 162: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,059 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {21611#true} {21612#false} #1665#return; {21612#false} is VALID [2022-02-20 18:02:18,060 INFO L290 TraceCheckUtils]: 164: Hoare triple {21612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {21612#false} is VALID [2022-02-20 18:02:18,060 INFO L290 TraceCheckUtils]: 165: Hoare triple {21612#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {21612#false} is VALID [2022-02-20 18:02:18,060 INFO L272 TraceCheckUtils]: 166: Hoare triple {21612#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {21611#true} is VALID [2022-02-20 18:02:18,060 INFO L290 TraceCheckUtils]: 167: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~32; {21611#true} is VALID [2022-02-20 18:02:18,060 INFO L290 TraceCheckUtils]: 168: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {21611#true} is VALID [2022-02-20 18:02:18,060 INFO L290 TraceCheckUtils]: 169: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,060 INFO L284 TraceCheckUtils]: 170: Hoare quadruple {21611#true} {21612#false} #1667#return; {21612#false} is VALID [2022-02-20 18:02:18,060 INFO L290 TraceCheckUtils]: 171: Hoare triple {21612#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {21612#false} is VALID [2022-02-20 18:02:18,060 INFO L290 TraceCheckUtils]: 172: Hoare triple {21612#false} assume 1 == ~sent_encrypted~0; {21612#false} is VALID [2022-02-20 18:02:18,060 INFO L272 TraceCheckUtils]: 173: Hoare triple {21612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {21611#true} is VALID [2022-02-20 18:02:18,061 INFO L290 TraceCheckUtils]: 174: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~19; {21611#true} is VALID [2022-02-20 18:02:18,061 INFO L290 TraceCheckUtils]: 175: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {21611#true} is VALID [2022-02-20 18:02:18,061 INFO L290 TraceCheckUtils]: 176: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,061 INFO L284 TraceCheckUtils]: 177: Hoare quadruple {21611#true} {21612#false} #1669#return; {21612#false} is VALID [2022-02-20 18:02:18,061 INFO L290 TraceCheckUtils]: 178: Hoare triple {21612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {21612#false} is VALID [2022-02-20 18:02:18,061 INFO L272 TraceCheckUtils]: 179: Hoare triple {21612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {21611#true} is VALID [2022-02-20 18:02:18,061 INFO L290 TraceCheckUtils]: 180: Hoare triple {21611#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21611#true} is VALID [2022-02-20 18:02:18,061 INFO L290 TraceCheckUtils]: 181: Hoare triple {21611#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {21611#true} is VALID [2022-02-20 18:02:18,061 INFO L290 TraceCheckUtils]: 182: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,062 INFO L284 TraceCheckUtils]: 183: Hoare quadruple {21611#true} {21612#false} #1671#return; {21612#false} is VALID [2022-02-20 18:02:18,062 INFO L290 TraceCheckUtils]: 184: Hoare triple {21612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {21612#false} is VALID [2022-02-20 18:02:18,062 INFO L272 TraceCheckUtils]: 185: Hoare triple {21612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {21611#true} is VALID [2022-02-20 18:02:18,062 INFO L290 TraceCheckUtils]: 186: Hoare triple {21611#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {21611#true} is VALID [2022-02-20 18:02:18,062 INFO L290 TraceCheckUtils]: 187: Hoare triple {21611#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {21611#true} is VALID [2022-02-20 18:02:18,062 INFO L290 TraceCheckUtils]: 188: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,062 INFO L284 TraceCheckUtils]: 189: Hoare quadruple {21611#true} {21612#false} #1673#return; {21612#false} is VALID [2022-02-20 18:02:18,062 INFO L290 TraceCheckUtils]: 190: Hoare triple {21612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {21612#false} is VALID [2022-02-20 18:02:18,062 INFO L290 TraceCheckUtils]: 191: Hoare triple {21612#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {21612#false} is VALID [2022-02-20 18:02:18,062 INFO L290 TraceCheckUtils]: 192: Hoare triple {21612#false} assume !false; {21612#false} is VALID [2022-02-20 18:02:18,063 INFO L134 CoverageAnalysis]: Checked inductivity of 116 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 110 trivial. 0 not checked. [2022-02-20 18:02:18,063 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:18,063 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [501177121] [2022-02-20 18:02:18,063 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [501177121] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:18,064 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1658688174] [2022-02-20 18:02:18,064 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:18,064 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:18,064 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:18,066 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:18,067 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:02:18,344 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,353 INFO L263 TraceCheckSpWp]: Trace formula consists of 1564 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:02:18,424 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,432 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:18,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {21611#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {21611#true} is VALID [2022-02-20 18:02:18,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {21611#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21611#true} is VALID [2022-02-20 18:02:18,774 INFO L290 TraceCheckUtils]: 2: Hoare triple {21611#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {21611#true} is VALID [2022-02-20 18:02:18,775 INFO L272 TraceCheckUtils]: 3: Hoare triple {21611#true} call select_features_#t~ret58#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,775 INFO L290 TraceCheckUtils]: 4: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,775 INFO L290 TraceCheckUtils]: 5: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,775 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21611#true} {21611#true} #1741#return; {21611#true} is VALID [2022-02-20 18:02:18,775 INFO L290 TraceCheckUtils]: 7: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {21611#true} is VALID [2022-02-20 18:02:18,775 INFO L272 TraceCheckUtils]: 8: Hoare triple {21611#true} call select_features_#t~ret59#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,775 INFO L290 TraceCheckUtils]: 9: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,775 INFO L290 TraceCheckUtils]: 10: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,776 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21611#true} {21611#true} #1743#return; {21611#true} is VALID [2022-02-20 18:02:18,776 INFO L290 TraceCheckUtils]: 12: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {21611#true} is VALID [2022-02-20 18:02:18,776 INFO L272 TraceCheckUtils]: 13: Hoare triple {21611#true} call select_features_#t~ret60#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,776 INFO L290 TraceCheckUtils]: 14: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,776 INFO L290 TraceCheckUtils]: 15: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,776 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21611#true} {21611#true} #1745#return; {21611#true} is VALID [2022-02-20 18:02:18,776 INFO L290 TraceCheckUtils]: 17: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {21611#true} is VALID [2022-02-20 18:02:18,776 INFO L272 TraceCheckUtils]: 18: Hoare triple {21611#true} call select_features_#t~ret61#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L290 TraceCheckUtils]: 19: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L290 TraceCheckUtils]: 20: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21611#true} {21611#true} #1747#return; {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L290 TraceCheckUtils]: 22: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L272 TraceCheckUtils]: 23: Hoare triple {21611#true} call select_features_#t~ret62#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L290 TraceCheckUtils]: 24: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L290 TraceCheckUtils]: 25: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21611#true} {21611#true} #1749#return; {21611#true} is VALID [2022-02-20 18:02:18,777 INFO L290 TraceCheckUtils]: 27: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {21611#true} is VALID [2022-02-20 18:02:18,778 INFO L272 TraceCheckUtils]: 28: Hoare triple {21611#true} call select_features_#t~ret63#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,778 INFO L290 TraceCheckUtils]: 29: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,778 INFO L290 TraceCheckUtils]: 30: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,778 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21611#true} {21611#true} #1751#return; {21611#true} is VALID [2022-02-20 18:02:18,778 INFO L290 TraceCheckUtils]: 32: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {21611#true} is VALID [2022-02-20 18:02:18,778 INFO L272 TraceCheckUtils]: 33: Hoare triple {21611#true} call select_features_#t~ret64#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,778 INFO L290 TraceCheckUtils]: 34: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,778 INFO L290 TraceCheckUtils]: 35: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,779 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21611#true} {21611#true} #1753#return; {21611#true} is VALID [2022-02-20 18:02:18,779 INFO L290 TraceCheckUtils]: 37: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {21611#true} is VALID [2022-02-20 18:02:18,779 INFO L272 TraceCheckUtils]: 38: Hoare triple {21611#true} call select_features_#t~ret65#1 := select_one(); {21611#true} is VALID [2022-02-20 18:02:18,779 INFO L290 TraceCheckUtils]: 39: Hoare triple {21611#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {21611#true} is VALID [2022-02-20 18:02:18,779 INFO L290 TraceCheckUtils]: 40: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,779 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21611#true} {21611#true} #1755#return; {21611#true} is VALID [2022-02-20 18:02:18,779 INFO L290 TraceCheckUtils]: 42: Hoare triple {21611#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {21611#true} is VALID [2022-02-20 18:02:18,779 INFO L290 TraceCheckUtils]: 43: Hoare triple {21611#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 44: Hoare triple {21611#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 45: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 46: Hoare triple {21611#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 47: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 48: Hoare triple {21611#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 49: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 50: Hoare triple {21611#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 51: Hoare triple {21611#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {21611#true} is VALID [2022-02-20 18:02:18,780 INFO L290 TraceCheckUtils]: 52: Hoare triple {21611#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21611#true} is VALID [2022-02-20 18:02:18,781 INFO L290 TraceCheckUtils]: 53: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {21611#true} is VALID [2022-02-20 18:02:18,781 INFO L290 TraceCheckUtils]: 54: Hoare triple {21611#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {21611#true} is VALID [2022-02-20 18:02:18,781 INFO L290 TraceCheckUtils]: 55: Hoare triple {21611#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {21611#true} is VALID [2022-02-20 18:02:18,781 INFO L290 TraceCheckUtils]: 56: Hoare triple {21611#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21611#true} is VALID [2022-02-20 18:02:18,781 INFO L290 TraceCheckUtils]: 57: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21611#true} is VALID [2022-02-20 18:02:18,781 INFO L272 TraceCheckUtils]: 58: Hoare triple {21611#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21611#true} is VALID [2022-02-20 18:02:18,781 INFO L290 TraceCheckUtils]: 59: Hoare triple {21611#true} ~bob___0 := #in~bob___0; {21611#true} is VALID [2022-02-20 18:02:18,781 INFO L272 TraceCheckUtils]: 60: Hoare triple {21611#true} call setClientId(~bob___0, ~bob___0); {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L290 TraceCheckUtils]: 61: Hoare triple {21611#true} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L290 TraceCheckUtils]: 62: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L290 TraceCheckUtils]: 63: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21611#true} {21611#true} #1739#return; {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L290 TraceCheckUtils]: 65: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21611#true} {21611#true} #1757#return; {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L272 TraceCheckUtils]: 67: Hoare triple {21611#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L290 TraceCheckUtils]: 68: Hoare triple {21611#true} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,782 INFO L290 TraceCheckUtils]: 69: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,783 INFO L290 TraceCheckUtils]: 70: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,783 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21611#true} {21611#true} #1759#return; {21611#true} is VALID [2022-02-20 18:02:18,783 INFO L290 TraceCheckUtils]: 72: Hoare triple {21611#true} assume { :end_inline_setup_bob__role__Keys } true; {21611#true} is VALID [2022-02-20 18:02:18,783 INFO L290 TraceCheckUtils]: 73: Hoare triple {21611#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21611#true} is VALID [2022-02-20 18:02:18,783 INFO L290 TraceCheckUtils]: 74: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21611#true} is VALID [2022-02-20 18:02:18,783 INFO L272 TraceCheckUtils]: 75: Hoare triple {21611#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21611#true} is VALID [2022-02-20 18:02:18,783 INFO L290 TraceCheckUtils]: 76: Hoare triple {21611#true} ~rjh___0 := #in~rjh___0; {21611#true} is VALID [2022-02-20 18:02:18,783 INFO L272 TraceCheckUtils]: 77: Hoare triple {21611#true} call setClientId(~rjh___0, ~rjh___0); {21611#true} is VALID [2022-02-20 18:02:18,784 INFO L290 TraceCheckUtils]: 78: Hoare triple {21611#true} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,784 INFO L290 TraceCheckUtils]: 79: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,784 INFO L290 TraceCheckUtils]: 80: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,784 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21611#true} {21611#true} #1691#return; {21611#true} is VALID [2022-02-20 18:02:18,784 INFO L290 TraceCheckUtils]: 82: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,784 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21611#true} {21611#true} #1763#return; {21611#true} is VALID [2022-02-20 18:02:18,784 INFO L272 TraceCheckUtils]: 84: Hoare triple {21611#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21611#true} is VALID [2022-02-20 18:02:18,784 INFO L290 TraceCheckUtils]: 85: Hoare triple {21611#true} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L290 TraceCheckUtils]: 86: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L290 TraceCheckUtils]: 87: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21611#true} {21611#true} #1765#return; {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L290 TraceCheckUtils]: 89: Hoare triple {21611#true} assume { :end_inline_setup_rjh__role__Keys } true; {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L290 TraceCheckUtils]: 90: Hoare triple {21611#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L290 TraceCheckUtils]: 91: Hoare triple {21611#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L272 TraceCheckUtils]: 92: Hoare triple {21611#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L290 TraceCheckUtils]: 93: Hoare triple {21611#true} ~chuck___0 := #in~chuck___0; {21611#true} is VALID [2022-02-20 18:02:18,785 INFO L272 TraceCheckUtils]: 94: Hoare triple {21611#true} call setClientId(~chuck___0, ~chuck___0); {21611#true} is VALID [2022-02-20 18:02:18,786 INFO L290 TraceCheckUtils]: 95: Hoare triple {21611#true} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,786 INFO L290 TraceCheckUtils]: 96: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,786 INFO L290 TraceCheckUtils]: 97: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,786 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21611#true} {21611#true} #1629#return; {21611#true} is VALID [2022-02-20 18:02:18,786 INFO L290 TraceCheckUtils]: 99: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,786 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21611#true} {21611#true} #1769#return; {21611#true} is VALID [2022-02-20 18:02:18,786 INFO L272 TraceCheckUtils]: 101: Hoare triple {21611#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21611#true} is VALID [2022-02-20 18:02:18,786 INFO L290 TraceCheckUtils]: 102: Hoare triple {21611#true} ~handle := #in~handle;~value := #in~value; {21611#true} is VALID [2022-02-20 18:02:18,787 INFO L290 TraceCheckUtils]: 103: Hoare triple {21611#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21611#true} is VALID [2022-02-20 18:02:18,787 INFO L290 TraceCheckUtils]: 104: Hoare triple {21611#true} assume true; {21611#true} is VALID [2022-02-20 18:02:18,787 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21611#true} {21611#true} #1771#return; {21611#true} is VALID [2022-02-20 18:02:18,787 INFO L290 TraceCheckUtils]: 106: Hoare triple {21611#true} assume { :end_inline_setup_chuck__role__Keys } true; {21611#true} is VALID [2022-02-20 18:02:18,787 INFO L290 TraceCheckUtils]: 107: Hoare triple {21611#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {21611#true} is VALID [2022-02-20 18:02:18,788 INFO L290 TraceCheckUtils]: 108: Hoare triple {21611#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22063#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:18,788 INFO L290 TraceCheckUtils]: 109: Hoare triple {22063#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {22063#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:18,788 INFO L290 TraceCheckUtils]: 110: Hoare triple {22063#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {21612#false} is VALID [2022-02-20 18:02:18,788 INFO L290 TraceCheckUtils]: 111: Hoare triple {21612#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L272 TraceCheckUtils]: 112: Hoare triple {21612#false} call sendEmail(~bob~0, ~rjh~0); {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L290 TraceCheckUtils]: 113: Hoare triple {21612#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L272 TraceCheckUtils]: 114: Hoare triple {21612#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L290 TraceCheckUtils]: 115: Hoare triple {21612#false} ~handle := #in~handle;~value := #in~value; {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L290 TraceCheckUtils]: 116: Hoare triple {21612#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L290 TraceCheckUtils]: 117: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21612#false} {21612#false} #1651#return; {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L272 TraceCheckUtils]: 119: Hoare triple {21612#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21612#false} is VALID [2022-02-20 18:02:18,789 INFO L290 TraceCheckUtils]: 120: Hoare triple {21612#false} ~handle := #in~handle;~value := #in~value; {21612#false} is VALID [2022-02-20 18:02:18,790 INFO L290 TraceCheckUtils]: 121: Hoare triple {21612#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21612#false} is VALID [2022-02-20 18:02:18,790 INFO L290 TraceCheckUtils]: 122: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,790 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21612#false} {21612#false} #1653#return; {21612#false} is VALID [2022-02-20 18:02:18,790 INFO L290 TraceCheckUtils]: 124: Hoare triple {21612#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {21612#false} is VALID [2022-02-20 18:02:18,790 INFO L290 TraceCheckUtils]: 125: Hoare triple {21612#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {21612#false} is VALID [2022-02-20 18:02:18,790 INFO L272 TraceCheckUtils]: 126: Hoare triple {21612#false} call outgoing(~sender#1, ~email~0#1); {21612#false} is VALID [2022-02-20 18:02:18,790 INFO L290 TraceCheckUtils]: 127: Hoare triple {21612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21612#false} is VALID [2022-02-20 18:02:18,790 INFO L290 TraceCheckUtils]: 128: Hoare triple {21612#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L272 TraceCheckUtils]: 129: Hoare triple {21612#false} call outgoing__before__Sign(~client#1, ~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L290 TraceCheckUtils]: 130: Hoare triple {21612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L290 TraceCheckUtils]: 131: Hoare triple {21612#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L272 TraceCheckUtils]: 132: Hoare triple {21612#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L290 TraceCheckUtils]: 133: Hoare triple {21612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L290 TraceCheckUtils]: 134: Hoare triple {21612#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L272 TraceCheckUtils]: 135: Hoare triple {21612#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L290 TraceCheckUtils]: 136: Hoare triple {21612#false} ~handle := #in~handle;havoc ~retValue_acc~32; {21612#false} is VALID [2022-02-20 18:02:18,791 INFO L290 TraceCheckUtils]: 137: Hoare triple {21612#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {21612#false} is VALID [2022-02-20 18:02:18,792 INFO L290 TraceCheckUtils]: 138: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,792 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {21612#false} {21612#false} #1617#return; {21612#false} is VALID [2022-02-20 18:02:18,792 INFO L290 TraceCheckUtils]: 140: Hoare triple {21612#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {21612#false} is VALID [2022-02-20 18:02:18,792 INFO L272 TraceCheckUtils]: 141: Hoare triple {21612#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {21612#false} is VALID [2022-02-20 18:02:18,792 INFO L290 TraceCheckUtils]: 142: Hoare triple {21612#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {21612#false} is VALID [2022-02-20 18:02:18,792 INFO L290 TraceCheckUtils]: 143: Hoare triple {21612#false} assume 1 == ~handle; {21612#false} is VALID [2022-02-20 18:02:18,792 INFO L290 TraceCheckUtils]: 144: Hoare triple {21612#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {21612#false} is VALID [2022-02-20 18:02:18,792 INFO L290 TraceCheckUtils]: 145: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {21612#false} {21612#false} #1619#return; {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L290 TraceCheckUtils]: 147: Hoare triple {21612#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L290 TraceCheckUtils]: 148: Hoare triple {21612#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L272 TraceCheckUtils]: 149: Hoare triple {21612#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L290 TraceCheckUtils]: 150: Hoare triple {21612#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L290 TraceCheckUtils]: 151: Hoare triple {21612#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L290 TraceCheckUtils]: 152: Hoare triple {21612#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L272 TraceCheckUtils]: 153: Hoare triple {21612#false} call setEmailFrom(~msg#1, ~tmp~17#1); {21612#false} is VALID [2022-02-20 18:02:18,793 INFO L290 TraceCheckUtils]: 154: Hoare triple {21612#false} ~handle := #in~handle;~value := #in~value; {21612#false} is VALID [2022-02-20 18:02:18,794 INFO L290 TraceCheckUtils]: 155: Hoare triple {21612#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21612#false} is VALID [2022-02-20 18:02:18,794 INFO L290 TraceCheckUtils]: 156: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,794 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21612#false} {21612#false} #1663#return; {21612#false} is VALID [2022-02-20 18:02:18,794 INFO L290 TraceCheckUtils]: 158: Hoare triple {21612#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {21612#false} is VALID [2022-02-20 18:02:18,794 INFO L272 TraceCheckUtils]: 159: Hoare triple {21612#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,794 INFO L290 TraceCheckUtils]: 160: Hoare triple {21612#false} ~handle := #in~handle;havoc ~retValue_acc~35; {21612#false} is VALID [2022-02-20 18:02:18,794 INFO L290 TraceCheckUtils]: 161: Hoare triple {21612#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {21612#false} is VALID [2022-02-20 18:02:18,794 INFO L290 TraceCheckUtils]: 162: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,795 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {21612#false} {21612#false} #1665#return; {21612#false} is VALID [2022-02-20 18:02:18,795 INFO L290 TraceCheckUtils]: 164: Hoare triple {21612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {21612#false} is VALID [2022-02-20 18:02:18,795 INFO L290 TraceCheckUtils]: 165: Hoare triple {21612#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {21612#false} is VALID [2022-02-20 18:02:18,795 INFO L272 TraceCheckUtils]: 166: Hoare triple {21612#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,795 INFO L290 TraceCheckUtils]: 167: Hoare triple {21612#false} ~handle := #in~handle;havoc ~retValue_acc~32; {21612#false} is VALID [2022-02-20 18:02:18,795 INFO L290 TraceCheckUtils]: 168: Hoare triple {21612#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {21612#false} is VALID [2022-02-20 18:02:18,796 INFO L290 TraceCheckUtils]: 169: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,796 INFO L284 TraceCheckUtils]: 170: Hoare quadruple {21612#false} {21612#false} #1667#return; {21612#false} is VALID [2022-02-20 18:02:18,796 INFO L290 TraceCheckUtils]: 171: Hoare triple {21612#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {21612#false} is VALID [2022-02-20 18:02:18,796 INFO L290 TraceCheckUtils]: 172: Hoare triple {21612#false} assume 1 == ~sent_encrypted~0; {21612#false} is VALID [2022-02-20 18:02:18,796 INFO L272 TraceCheckUtils]: 173: Hoare triple {21612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {21612#false} is VALID [2022-02-20 18:02:18,796 INFO L290 TraceCheckUtils]: 174: Hoare triple {21612#false} ~handle := #in~handle;havoc ~retValue_acc~19; {21612#false} is VALID [2022-02-20 18:02:18,797 INFO L290 TraceCheckUtils]: 175: Hoare triple {21612#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {21612#false} is VALID [2022-02-20 18:02:18,797 INFO L290 TraceCheckUtils]: 176: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,797 INFO L284 TraceCheckUtils]: 177: Hoare quadruple {21612#false} {21612#false} #1669#return; {21612#false} is VALID [2022-02-20 18:02:18,797 INFO L290 TraceCheckUtils]: 178: Hoare triple {21612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {21612#false} is VALID [2022-02-20 18:02:18,797 INFO L272 TraceCheckUtils]: 179: Hoare triple {21612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {21612#false} is VALID [2022-02-20 18:02:18,797 INFO L290 TraceCheckUtils]: 180: Hoare triple {21612#false} ~handle := #in~handle;havoc ~retValue_acc~36; {21612#false} is VALID [2022-02-20 18:02:18,797 INFO L290 TraceCheckUtils]: 181: Hoare triple {21612#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {21612#false} is VALID [2022-02-20 18:02:18,797 INFO L290 TraceCheckUtils]: 182: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,798 INFO L284 TraceCheckUtils]: 183: Hoare quadruple {21612#false} {21612#false} #1671#return; {21612#false} is VALID [2022-02-20 18:02:18,798 INFO L290 TraceCheckUtils]: 184: Hoare triple {21612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {21612#false} is VALID [2022-02-20 18:02:18,798 INFO L272 TraceCheckUtils]: 185: Hoare triple {21612#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {21612#false} is VALID [2022-02-20 18:02:18,798 INFO L290 TraceCheckUtils]: 186: Hoare triple {21612#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {21612#false} is VALID [2022-02-20 18:02:18,798 INFO L290 TraceCheckUtils]: 187: Hoare triple {21612#false} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {21612#false} is VALID [2022-02-20 18:02:18,823 INFO L290 TraceCheckUtils]: 188: Hoare triple {21612#false} assume true; {21612#false} is VALID [2022-02-20 18:02:18,824 INFO L284 TraceCheckUtils]: 189: Hoare quadruple {21612#false} {21612#false} #1673#return; {21612#false} is VALID [2022-02-20 18:02:18,824 INFO L290 TraceCheckUtils]: 190: Hoare triple {21612#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {21612#false} is VALID [2022-02-20 18:02:18,824 INFO L290 TraceCheckUtils]: 191: Hoare triple {21612#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {21612#false} is VALID [2022-02-20 18:02:18,824 INFO L290 TraceCheckUtils]: 192: Hoare triple {21612#false} assume !false; {21612#false} is VALID [2022-02-20 18:02:18,824 INFO L134 CoverageAnalysis]: Checked inductivity of 116 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 116 trivial. 0 not checked. [2022-02-20 18:02:18,825 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:18,825 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1658688174] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:18,825 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:18,825 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:02:18,825 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [19628280] [2022-02-20 18:02:18,825 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:18,826 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 34.0) internal successors, (102), 3 states have internal predecessors, (102), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) Word has length 193 [2022-02-20 18:02:18,826 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:18,827 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 34.0) internal successors, (102), 3 states have internal predecessors, (102), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 18:02:18,943 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 161 edges. 161 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:18,943 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:02:18,943 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:18,944 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:02:18,944 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:18,945 INFO L87 Difference]: Start difference. First operand 596 states and 856 transitions. Second operand has 3 states, 3 states have (on average 34.0) internal successors, (102), 3 states have internal predecessors, (102), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 18:02:19,582 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:19,582 INFO L93 Difference]: Finished difference Result 927 states and 1313 transitions. [2022-02-20 18:02:19,583 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:19,583 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 34.0) internal successors, (102), 3 states have internal predecessors, (102), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) Word has length 193 [2022-02-20 18:02:19,583 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:19,583 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 34.0) internal successors, (102), 3 states have internal predecessors, (102), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 18:02:19,593 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1311 transitions. [2022-02-20 18:02:19,594 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 34.0) internal successors, (102), 3 states have internal predecessors, (102), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 18:02:19,603 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1311 transitions. [2022-02-20 18:02:19,604 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1311 transitions. [2022-02-20 18:02:20,411 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1311 edges. 1311 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:20,431 INFO L225 Difference]: With dead ends: 927 [2022-02-20 18:02:20,431 INFO L226 Difference]: Without dead ends: 599 [2022-02-20 18:02:20,433 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 252 GetRequests, 241 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:20,436 INFO L933 BasicCegarLoop]: 852 mSDtfsCounter, 1 mSDsluCounter, 850 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1702 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:20,437 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1702 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:20,438 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 599 states. [2022-02-20 18:02:20,456 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 599 to 598. [2022-02-20 18:02:20,456 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:20,457 INFO L82 GeneralOperation]: Start isEquivalent. First operand 599 states. Second operand has 598 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 459 states have internal predecessors, (649), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:02:20,458 INFO L74 IsIncluded]: Start isIncluded. First operand 599 states. Second operand has 598 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 459 states have internal predecessors, (649), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:02:20,459 INFO L87 Difference]: Start difference. First operand 599 states. Second operand has 598 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 459 states have internal predecessors, (649), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:02:20,474 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:20,475 INFO L93 Difference]: Finished difference Result 599 states and 859 transitions. [2022-02-20 18:02:20,475 INFO L276 IsEmpty]: Start isEmpty. Operand 599 states and 859 transitions. [2022-02-20 18:02:20,476 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:20,476 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:20,477 INFO L74 IsIncluded]: Start isIncluded. First operand has 598 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 459 states have internal predecessors, (649), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 599 states. [2022-02-20 18:02:20,478 INFO L87 Difference]: Start difference. First operand has 598 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 459 states have internal predecessors, (649), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 599 states. [2022-02-20 18:02:20,493 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:20,494 INFO L93 Difference]: Finished difference Result 599 states and 859 transitions. [2022-02-20 18:02:20,494 INFO L276 IsEmpty]: Start isEmpty. Operand 599 states and 859 transitions. [2022-02-20 18:02:20,495 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:20,495 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:20,495 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:20,496 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:20,497 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 598 states, 448 states have (on average 1.4486607142857142) internal successors, (649), 459 states have internal predecessors, (649), 105 states have call successors, (105), 44 states have call predecessors, (105), 44 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:02:20,527 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 598 states to 598 states and 858 transitions. [2022-02-20 18:02:20,527 INFO L78 Accepts]: Start accepts. Automaton has 598 states and 858 transitions. Word has length 193 [2022-02-20 18:02:20,528 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:20,528 INFO L470 AbstractCegarLoop]: Abstraction has 598 states and 858 transitions. [2022-02-20 18:02:20,528 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 34.0) internal successors, (102), 3 states have internal predecessors, (102), 2 states have call successors, (32), 2 states have call predecessors, (32), 2 states have return successors, (27), 2 states have call predecessors, (27), 2 states have call successors, (27) [2022-02-20 18:02:20,528 INFO L276 IsEmpty]: Start isEmpty. Operand 598 states and 858 transitions. [2022-02-20 18:02:20,531 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 209 [2022-02-20 18:02:20,531 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:20,531 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:20,557 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:02:20,750 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2022-02-20 18:02:20,751 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:20,751 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:20,751 INFO L85 PathProgramCache]: Analyzing trace with hash -2056474531, now seen corresponding path program 1 times [2022-02-20 18:02:20,751 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:20,751 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1751843263] [2022-02-20 18:02:20,751 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:20,751 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:20,826 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,889 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:02:20,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:20,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,894 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25624#true} {25624#true} #1741#return; {25624#true} is VALID [2022-02-20 18:02:20,894 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:02:20,895 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:20,897 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,897 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25624#true} {25624#true} #1743#return; {25624#true} is VALID [2022-02-20 18:02:20,897 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:02:20,898 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,900 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:20,900 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,900 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25624#true} {25624#true} #1745#return; {25624#true} is VALID [2022-02-20 18:02:20,900 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:20,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:20,910 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,911 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25624#true} {25624#true} #1747#return; {25624#true} is VALID [2022-02-20 18:02:20,911 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:02:20,912 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:20,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,914 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25624#true} {25624#true} #1749#return; {25624#true} is VALID [2022-02-20 18:02:20,914 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:02:20,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:20,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,932 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25624#true} {25624#true} #1751#return; {25624#true} is VALID [2022-02-20 18:02:20,932 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:02:20,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,936 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:20,936 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,936 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25624#true} {25624#true} #1753#return; {25624#true} is VALID [2022-02-20 18:02:20,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:20,938 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,940 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:20,940 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,940 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25624#true} {25624#true} #1755#return; {25624#true} is VALID [2022-02-20 18:02:20,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:20,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:20,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:20,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:20,952 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,952 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25624#true} #1739#return; {25624#true} is VALID [2022-02-20 18:02:20,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25624#true} is VALID [2022-02-20 18:02:20,953 INFO L272 TraceCheckUtils]: 1: Hoare triple {25624#true} call setClientId(~bob___0, ~bob___0); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:20,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:20,953 INFO L290 TraceCheckUtils]: 3: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:20,953 INFO L290 TraceCheckUtils]: 4: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,953 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25624#true} {25624#true} #1739#return; {25624#true} is VALID [2022-02-20 18:02:20,953 INFO L290 TraceCheckUtils]: 6: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,953 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25624#true} {25624#true} #1757#return; {25624#true} is VALID [2022-02-20 18:02:20,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:02:20,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,963 INFO L290 TraceCheckUtils]: 0: Hoare triple {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:20,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:20,963 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:20,963 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25624#true} #1759#return; {25624#true} is VALID [2022-02-20 18:02:20,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:02:20,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:20,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:20,997 INFO L290 TraceCheckUtils]: 0: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25745#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:20,998 INFO L290 TraceCheckUtils]: 1: Hoare triple {25745#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25746#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:20,998 INFO L290 TraceCheckUtils]: 2: Hoare triple {25746#(= |setClientId_#in~handle| 1)} assume true; {25746#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:20,999 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25746#(= |setClientId_#in~handle| 1)} {25739#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:20,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25739#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:21,000 INFO L272 TraceCheckUtils]: 1: Hoare triple {25739#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,000 INFO L290 TraceCheckUtils]: 2: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25745#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:21,000 INFO L290 TraceCheckUtils]: 3: Hoare triple {25745#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25746#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:21,000 INFO L290 TraceCheckUtils]: 4: Hoare triple {25746#(= |setClientId_#in~handle| 1)} assume true; {25746#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:21,001 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25746#(= |setClientId_#in~handle| 1)} {25739#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:21,001 INFO L290 TraceCheckUtils]: 6: Hoare triple {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:21,002 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25663#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1763#return; {25625#false} is VALID [2022-02-20 18:02:21,002 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:02:21,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,005 INFO L290 TraceCheckUtils]: 0: Hoare triple {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,005 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,005 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,005 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1765#return; {25625#false} is VALID [2022-02-20 18:02:21,005 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:02:21,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:21,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,014 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,014 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25624#true} #1629#return; {25624#true} is VALID [2022-02-20 18:02:21,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25624#true} is VALID [2022-02-20 18:02:21,015 INFO L272 TraceCheckUtils]: 1: Hoare triple {25624#true} call setClientId(~chuck___0, ~chuck___0); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,015 INFO L290 TraceCheckUtils]: 3: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,015 INFO L290 TraceCheckUtils]: 4: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,015 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25624#true} {25624#true} #1629#return; {25624#true} is VALID [2022-02-20 18:02:21,015 INFO L290 TraceCheckUtils]: 6: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,015 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25624#true} {25625#false} #1769#return; {25625#false} is VALID [2022-02-20 18:02:21,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:21,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,020 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,020 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,020 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1771#return; {25625#false} is VALID [2022-02-20 18:02:21,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:02:21,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {25751#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,030 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1651#return; {25625#false} is VALID [2022-02-20 18:02:21,039 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:02:21,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {25752#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,042 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1653#return; {25625#false} is VALID [2022-02-20 18:02:21,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 140 [2022-02-20 18:02:21,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~13; {25624#true} is VALID [2022-02-20 18:02:21,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {25624#true} is VALID [2022-02-20 18:02:21,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,045 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1631#return; {25625#false} is VALID [2022-02-20 18:02:21,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 18:02:21,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~32; {25624#true} is VALID [2022-02-20 18:02:21,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {25624#true} is VALID [2022-02-20 18:02:21,047 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,048 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1617#return; {25625#false} is VALID [2022-02-20 18:02:21,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 18:02:21,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,050 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {25624#true} is VALID [2022-02-20 18:02:21,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle; {25624#true} is VALID [2022-02-20 18:02:21,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {25624#true} is VALID [2022-02-20 18:02:21,050 INFO L290 TraceCheckUtils]: 3: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,050 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25624#true} {25625#false} #1619#return; {25625#false} is VALID [2022-02-20 18:02:21,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 168 [2022-02-20 18:02:21,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {25751#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,052 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,052 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1663#return; {25625#false} is VALID [2022-02-20 18:02:21,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 174 [2022-02-20 18:02:21,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,054 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~35; {25624#true} is VALID [2022-02-20 18:02:21,054 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {25624#true} is VALID [2022-02-20 18:02:21,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,054 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1665#return; {25625#false} is VALID [2022-02-20 18:02:21,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 181 [2022-02-20 18:02:21,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~32; {25624#true} is VALID [2022-02-20 18:02:21,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {25624#true} is VALID [2022-02-20 18:02:21,056 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,057 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1667#return; {25625#false} is VALID [2022-02-20 18:02:21,057 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 188 [2022-02-20 18:02:21,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25624#true} is VALID [2022-02-20 18:02:21,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {25624#true} is VALID [2022-02-20 18:02:21,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,059 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1669#return; {25625#false} is VALID [2022-02-20 18:02:21,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 194 [2022-02-20 18:02:21,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,060 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25624#true} is VALID [2022-02-20 18:02:21,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {25624#true} is VALID [2022-02-20 18:02:21,061 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,061 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1671#return; {25625#false} is VALID [2022-02-20 18:02:21,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 200 [2022-02-20 18:02:21,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,063 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {25624#true} is VALID [2022-02-20 18:02:21,063 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {25624#true} is VALID [2022-02-20 18:02:21,063 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,063 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25624#true} {25625#false} #1673#return; {25625#false} is VALID [2022-02-20 18:02:21,063 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {25624#true} is VALID [2022-02-20 18:02:21,063 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25624#true} is VALID [2022-02-20 18:02:21,063 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L272 TraceCheckUtils]: 3: Hoare triple {25624#true} call select_features_#t~ret58#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 4: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 5: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25624#true} {25624#true} #1741#return; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 7: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L272 TraceCheckUtils]: 8: Hoare triple {25624#true} call select_features_#t~ret59#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 9: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 10: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25624#true} {25624#true} #1743#return; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 12: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L272 TraceCheckUtils]: 13: Hoare triple {25624#true} call select_features_#t~ret60#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 14: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 15: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25624#true} {25624#true} #1745#return; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 17: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L272 TraceCheckUtils]: 18: Hoare triple {25624#true} call select_features_#t~ret61#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 19: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 20: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25624#true} {25624#true} #1747#return; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L290 TraceCheckUtils]: 22: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {25624#true} is VALID [2022-02-20 18:02:21,064 INFO L272 TraceCheckUtils]: 23: Hoare triple {25624#true} call select_features_#t~ret62#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 24: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 25: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25624#true} {25624#true} #1749#return; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 27: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L272 TraceCheckUtils]: 28: Hoare triple {25624#true} call select_features_#t~ret63#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 29: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 30: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25624#true} {25624#true} #1751#return; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 32: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L272 TraceCheckUtils]: 33: Hoare triple {25624#true} call select_features_#t~ret64#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 34: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 35: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25624#true} {25624#true} #1753#return; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 37: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L272 TraceCheckUtils]: 38: Hoare triple {25624#true} call select_features_#t~ret65#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 39: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 40: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25624#true} {25624#true} #1755#return; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 42: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {25624#true} is VALID [2022-02-20 18:02:21,065 INFO L290 TraceCheckUtils]: 43: Hoare triple {25624#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {25624#true} is VALID [2022-02-20 18:02:21,066 INFO L290 TraceCheckUtils]: 44: Hoare triple {25624#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25624#true} is VALID [2022-02-20 18:02:21,066 INFO L290 TraceCheckUtils]: 45: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {25624#true} is VALID [2022-02-20 18:02:21,066 INFO L290 TraceCheckUtils]: 46: Hoare triple {25624#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {25624#true} is VALID [2022-02-20 18:02:21,066 INFO L290 TraceCheckUtils]: 47: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {25624#true} is VALID [2022-02-20 18:02:21,066 INFO L290 TraceCheckUtils]: 48: Hoare triple {25624#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25624#true} is VALID [2022-02-20 18:02:21,066 INFO L290 TraceCheckUtils]: 49: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25624#true} is VALID [2022-02-20 18:02:21,066 INFO L290 TraceCheckUtils]: 50: Hoare triple {25624#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25624#true} is VALID [2022-02-20 18:02:21,066 INFO L290 TraceCheckUtils]: 51: Hoare triple {25624#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25624#true} is VALID [2022-02-20 18:02:21,068 INFO L290 TraceCheckUtils]: 52: Hoare triple {25624#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25624#true} is VALID [2022-02-20 18:02:21,068 INFO L290 TraceCheckUtils]: 53: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {25624#true} is VALID [2022-02-20 18:02:21,068 INFO L290 TraceCheckUtils]: 54: Hoare triple {25624#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {25624#true} is VALID [2022-02-20 18:02:21,068 INFO L290 TraceCheckUtils]: 55: Hoare triple {25624#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {25624#true} is VALID [2022-02-20 18:02:21,068 INFO L290 TraceCheckUtils]: 56: Hoare triple {25624#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25624#true} is VALID [2022-02-20 18:02:21,068 INFO L290 TraceCheckUtils]: 57: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25624#true} is VALID [2022-02-20 18:02:21,069 INFO L272 TraceCheckUtils]: 58: Hoare triple {25624#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,069 INFO L290 TraceCheckUtils]: 59: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25624#true} is VALID [2022-02-20 18:02:21,069 INFO L272 TraceCheckUtils]: 60: Hoare triple {25624#true} call setClientId(~bob___0, ~bob___0); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,069 INFO L290 TraceCheckUtils]: 61: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,069 INFO L290 TraceCheckUtils]: 62: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,070 INFO L290 TraceCheckUtils]: 63: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,070 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25624#true} {25624#true} #1739#return; {25624#true} is VALID [2022-02-20 18:02:21,070 INFO L290 TraceCheckUtils]: 65: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,070 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25624#true} {25624#true} #1757#return; {25624#true} is VALID [2022-02-20 18:02:21,070 INFO L272 TraceCheckUtils]: 67: Hoare triple {25624#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:21,070 INFO L290 TraceCheckUtils]: 68: Hoare triple {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,070 INFO L290 TraceCheckUtils]: 69: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,071 INFO L290 TraceCheckUtils]: 70: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,071 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25624#true} {25624#true} #1759#return; {25624#true} is VALID [2022-02-20 18:02:21,071 INFO L290 TraceCheckUtils]: 72: Hoare triple {25624#true} assume { :end_inline_setup_bob__role__Keys } true; {25624#true} is VALID [2022-02-20 18:02:21,071 INFO L290 TraceCheckUtils]: 73: Hoare triple {25624#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25662#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:21,071 INFO L290 TraceCheckUtils]: 74: Hoare triple {25662#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25663#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:21,072 INFO L272 TraceCheckUtils]: 75: Hoare triple {25663#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,072 INFO L290 TraceCheckUtils]: 76: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25739#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:21,073 INFO L272 TraceCheckUtils]: 77: Hoare triple {25739#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,073 INFO L290 TraceCheckUtils]: 78: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25745#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:21,074 INFO L290 TraceCheckUtils]: 79: Hoare triple {25745#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25746#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:21,074 INFO L290 TraceCheckUtils]: 80: Hoare triple {25746#(= |setClientId_#in~handle| 1)} assume true; {25746#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:21,074 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25746#(= |setClientId_#in~handle| 1)} {25739#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:21,075 INFO L290 TraceCheckUtils]: 82: Hoare triple {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:21,075 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25744#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25663#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1763#return; {25625#false} is VALID [2022-02-20 18:02:21,075 INFO L272 TraceCheckUtils]: 84: Hoare triple {25625#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:21,075 INFO L290 TraceCheckUtils]: 85: Hoare triple {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,075 INFO L290 TraceCheckUtils]: 86: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,075 INFO L290 TraceCheckUtils]: 87: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,075 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25624#true} {25625#false} #1765#return; {25625#false} is VALID [2022-02-20 18:02:21,075 INFO L290 TraceCheckUtils]: 89: Hoare triple {25625#false} assume { :end_inline_setup_rjh__role__Keys } true; {25625#false} is VALID [2022-02-20 18:02:21,075 INFO L290 TraceCheckUtils]: 90: Hoare triple {25625#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25625#false} is VALID [2022-02-20 18:02:21,075 INFO L290 TraceCheckUtils]: 91: Hoare triple {25625#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25625#false} is VALID [2022-02-20 18:02:21,075 INFO L272 TraceCheckUtils]: 92: Hoare triple {25625#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,076 INFO L290 TraceCheckUtils]: 93: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25624#true} is VALID [2022-02-20 18:02:21,076 INFO L272 TraceCheckUtils]: 94: Hoare triple {25624#true} call setClientId(~chuck___0, ~chuck___0); {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,076 INFO L290 TraceCheckUtils]: 95: Hoare triple {25733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,076 INFO L290 TraceCheckUtils]: 96: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,076 INFO L290 TraceCheckUtils]: 97: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,076 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25624#true} {25624#true} #1629#return; {25624#true} is VALID [2022-02-20 18:02:21,076 INFO L290 TraceCheckUtils]: 99: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,076 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25624#true} {25625#false} #1769#return; {25625#false} is VALID [2022-02-20 18:02:21,076 INFO L272 TraceCheckUtils]: 101: Hoare triple {25625#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:21,076 INFO L290 TraceCheckUtils]: 102: Hoare triple {25738#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 103: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 104: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,077 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25624#true} {25625#false} #1771#return; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 106: Hoare triple {25625#false} assume { :end_inline_setup_chuck__role__Keys } true; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 107: Hoare triple {25625#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 108: Hoare triple {25625#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 109: Hoare triple {25625#false} assume !false; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 110: Hoare triple {25625#false} assume test_~splverifierCounter~0#1 < 4; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 111: Hoare triple {25625#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 112: Hoare triple {25625#false} assume !(0 == test_~op1~0#1); {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 113: Hoare triple {25625#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 114: Hoare triple {25625#false} assume 0 != test_~tmp___8~0#1; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 115: Hoare triple {25625#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 116: Hoare triple {25625#false} test_~op2~0#1 := 1; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 117: Hoare triple {25625#false} assume !false; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 118: Hoare triple {25625#false} assume !(test_~splverifierCounter~0#1 < 4); {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 119: Hoare triple {25625#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L272 TraceCheckUtils]: 120: Hoare triple {25625#false} call sendEmail(~bob~0, ~rjh~0); {25625#false} is VALID [2022-02-20 18:02:21,077 INFO L290 TraceCheckUtils]: 121: Hoare triple {25625#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25625#false} is VALID [2022-02-20 18:02:21,078 INFO L272 TraceCheckUtils]: 122: Hoare triple {25625#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25751#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:21,078 INFO L290 TraceCheckUtils]: 123: Hoare triple {25751#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,078 INFO L290 TraceCheckUtils]: 124: Hoare triple {25624#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,078 INFO L290 TraceCheckUtils]: 125: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,078 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25624#true} {25625#false} #1651#return; {25625#false} is VALID [2022-02-20 18:02:21,078 INFO L272 TraceCheckUtils]: 127: Hoare triple {25625#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25752#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:21,078 INFO L290 TraceCheckUtils]: 128: Hoare triple {25752#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,078 INFO L290 TraceCheckUtils]: 129: Hoare triple {25624#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 130: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,079 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25624#true} {25625#false} #1653#return; {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 132: Hoare triple {25625#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 133: Hoare triple {25625#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L272 TraceCheckUtils]: 134: Hoare triple {25625#false} call outgoing(~sender#1, ~email~0#1); {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 135: Hoare triple {25625#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 136: Hoare triple {25625#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L272 TraceCheckUtils]: 137: Hoare triple {25625#false} call outgoing__before__Sign(~client#1, ~msg#1); {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 138: Hoare triple {25625#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 139: Hoare triple {25625#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret105#1, outgoing__role__AddressBook_#t~ret106#1, outgoing__role__AddressBook_#t~ret107#1, outgoing__role__AddressBook_#t~ret108#1, outgoing__role__AddressBook_#t~ret109#1, outgoing__role__AddressBook_#t~ret110#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~19#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~8#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~4#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~19#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~8#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~4#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {25625#false} is VALID [2022-02-20 18:02:21,079 INFO L272 TraceCheckUtils]: 140: Hoare triple {25625#false} call outgoing__role__AddressBook_#t~ret105#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {25624#true} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 141: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~13; {25624#true} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 142: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {25624#true} is VALID [2022-02-20 18:02:21,079 INFO L290 TraceCheckUtils]: 143: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {25624#true} {25625#false} #1631#return; {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 145: Hoare triple {25625#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret105#1 && outgoing__role__AddressBook_#t~ret105#1 <= 2147483647;outgoing__role__AddressBook_~tmp~19#1 := outgoing__role__AddressBook_#t~ret105#1;havoc outgoing__role__AddressBook_#t~ret105#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~19#1; {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 146: Hoare triple {25625#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L272 TraceCheckUtils]: 147: Hoare triple {25625#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 148: Hoare triple {25625#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 149: Hoare triple {25625#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L272 TraceCheckUtils]: 150: Hoare triple {25625#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 151: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~32; {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 152: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 153: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25624#true} {25625#false} #1617#return; {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 155: Hoare triple {25625#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L272 TraceCheckUtils]: 156: Hoare triple {25625#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 157: Hoare triple {25624#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 158: Hoare triple {25624#true} assume 1 == ~handle; {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 159: Hoare triple {25624#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 160: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,080 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {25624#true} {25625#false} #1619#return; {25625#false} is VALID [2022-02-20 18:02:21,080 INFO L290 TraceCheckUtils]: 162: Hoare triple {25625#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 163: Hoare triple {25625#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L272 TraceCheckUtils]: 164: Hoare triple {25625#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 165: Hoare triple {25625#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 166: Hoare triple {25625#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 167: Hoare triple {25625#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L272 TraceCheckUtils]: 168: Hoare triple {25625#false} call setEmailFrom(~msg#1, ~tmp~17#1); {25751#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 169: Hoare triple {25751#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 170: Hoare triple {25624#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 171: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,081 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25624#true} {25625#false} #1663#return; {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 173: Hoare triple {25625#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L272 TraceCheckUtils]: 174: Hoare triple {25625#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {25624#true} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 175: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~35; {25624#true} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 176: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {25624#true} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 177: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,081 INFO L284 TraceCheckUtils]: 178: Hoare quadruple {25624#true} {25625#false} #1665#return; {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 179: Hoare triple {25625#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {25625#false} is VALID [2022-02-20 18:02:21,081 INFO L290 TraceCheckUtils]: 180: Hoare triple {25625#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {25625#false} is VALID [2022-02-20 18:02:21,082 INFO L272 TraceCheckUtils]: 181: Hoare triple {25625#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {25624#true} is VALID [2022-02-20 18:02:21,082 INFO L290 TraceCheckUtils]: 182: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~32; {25624#true} is VALID [2022-02-20 18:02:21,082 INFO L290 TraceCheckUtils]: 183: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {25624#true} is VALID [2022-02-20 18:02:21,082 INFO L290 TraceCheckUtils]: 184: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,082 INFO L284 TraceCheckUtils]: 185: Hoare quadruple {25624#true} {25625#false} #1667#return; {25625#false} is VALID [2022-02-20 18:02:21,082 INFO L290 TraceCheckUtils]: 186: Hoare triple {25625#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {25625#false} is VALID [2022-02-20 18:02:21,082 INFO L290 TraceCheckUtils]: 187: Hoare triple {25625#false} assume 1 == ~sent_encrypted~0; {25625#false} is VALID [2022-02-20 18:02:21,082 INFO L272 TraceCheckUtils]: 188: Hoare triple {25625#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {25624#true} is VALID [2022-02-20 18:02:21,082 INFO L290 TraceCheckUtils]: 189: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~19; {25624#true} is VALID [2022-02-20 18:02:21,082 INFO L290 TraceCheckUtils]: 190: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {25624#true} is VALID [2022-02-20 18:02:21,082 INFO L290 TraceCheckUtils]: 191: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L284 TraceCheckUtils]: 192: Hoare quadruple {25624#true} {25625#false} #1669#return; {25625#false} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 193: Hoare triple {25625#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {25625#false} is VALID [2022-02-20 18:02:21,083 INFO L272 TraceCheckUtils]: 194: Hoare triple {25625#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 195: Hoare triple {25624#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 196: Hoare triple {25624#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 197: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L284 TraceCheckUtils]: 198: Hoare quadruple {25624#true} {25625#false} #1671#return; {25625#false} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 199: Hoare triple {25625#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {25625#false} is VALID [2022-02-20 18:02:21,083 INFO L272 TraceCheckUtils]: 200: Hoare triple {25625#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 201: Hoare triple {25624#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 202: Hoare triple {25624#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 203: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,083 INFO L284 TraceCheckUtils]: 204: Hoare quadruple {25624#true} {25625#false} #1673#return; {25625#false} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 205: Hoare triple {25625#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {25625#false} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 206: Hoare triple {25625#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {25625#false} is VALID [2022-02-20 18:02:21,083 INFO L290 TraceCheckUtils]: 207: Hoare triple {25625#false} assume !false; {25625#false} is VALID [2022-02-20 18:02:21,084 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:02:21,084 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:21,084 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1751843263] [2022-02-20 18:02:21,084 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1751843263] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:21,085 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1070474655] [2022-02-20 18:02:21,085 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:21,086 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:21,086 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:21,087 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:21,088 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:02:21,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,423 INFO L263 TraceCheckSpWp]: Trace formula consists of 1610 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:02:21,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,491 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:21,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {25624#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {25624#true} is VALID [2022-02-20 18:02:21,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {25624#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25624#true} is VALID [2022-02-20 18:02:21,947 INFO L290 TraceCheckUtils]: 2: Hoare triple {25624#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {25624#true} is VALID [2022-02-20 18:02:21,947 INFO L272 TraceCheckUtils]: 3: Hoare triple {25624#true} call select_features_#t~ret58#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,947 INFO L290 TraceCheckUtils]: 4: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,947 INFO L290 TraceCheckUtils]: 5: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,947 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25624#true} {25624#true} #1741#return; {25624#true} is VALID [2022-02-20 18:02:21,947 INFO L290 TraceCheckUtils]: 7: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {25624#true} is VALID [2022-02-20 18:02:21,947 INFO L272 TraceCheckUtils]: 8: Hoare triple {25624#true} call select_features_#t~ret59#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,949 INFO L290 TraceCheckUtils]: 9: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,949 INFO L290 TraceCheckUtils]: 10: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,949 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25624#true} {25624#true} #1743#return; {25624#true} is VALID [2022-02-20 18:02:21,949 INFO L290 TraceCheckUtils]: 12: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {25624#true} is VALID [2022-02-20 18:02:21,949 INFO L272 TraceCheckUtils]: 13: Hoare triple {25624#true} call select_features_#t~ret60#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,949 INFO L290 TraceCheckUtils]: 14: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,950 INFO L290 TraceCheckUtils]: 15: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,950 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25624#true} {25624#true} #1745#return; {25624#true} is VALID [2022-02-20 18:02:21,950 INFO L290 TraceCheckUtils]: 17: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {25624#true} is VALID [2022-02-20 18:02:21,950 INFO L272 TraceCheckUtils]: 18: Hoare triple {25624#true} call select_features_#t~ret61#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,950 INFO L290 TraceCheckUtils]: 19: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,950 INFO L290 TraceCheckUtils]: 20: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,950 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25624#true} {25624#true} #1747#return; {25624#true} is VALID [2022-02-20 18:02:21,951 INFO L290 TraceCheckUtils]: 22: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {25624#true} is VALID [2022-02-20 18:02:21,951 INFO L272 TraceCheckUtils]: 23: Hoare triple {25624#true} call select_features_#t~ret62#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,951 INFO L290 TraceCheckUtils]: 24: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,967 INFO L290 TraceCheckUtils]: 25: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,967 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25624#true} {25624#true} #1749#return; {25624#true} is VALID [2022-02-20 18:02:21,967 INFO L290 TraceCheckUtils]: 27: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {25624#true} is VALID [2022-02-20 18:02:21,968 INFO L272 TraceCheckUtils]: 28: Hoare triple {25624#true} call select_features_#t~ret63#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,968 INFO L290 TraceCheckUtils]: 29: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,968 INFO L290 TraceCheckUtils]: 30: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,968 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25624#true} {25624#true} #1751#return; {25624#true} is VALID [2022-02-20 18:02:21,968 INFO L290 TraceCheckUtils]: 32: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {25624#true} is VALID [2022-02-20 18:02:21,968 INFO L272 TraceCheckUtils]: 33: Hoare triple {25624#true} call select_features_#t~ret64#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,968 INFO L290 TraceCheckUtils]: 34: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,969 INFO L290 TraceCheckUtils]: 35: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,971 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25624#true} {25624#true} #1753#return; {25624#true} is VALID [2022-02-20 18:02:21,973 INFO L290 TraceCheckUtils]: 37: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {25624#true} is VALID [2022-02-20 18:02:21,973 INFO L272 TraceCheckUtils]: 38: Hoare triple {25624#true} call select_features_#t~ret65#1 := select_one(); {25624#true} is VALID [2022-02-20 18:02:21,973 INFO L290 TraceCheckUtils]: 39: Hoare triple {25624#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {25624#true} is VALID [2022-02-20 18:02:21,973 INFO L290 TraceCheckUtils]: 40: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,973 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25624#true} {25624#true} #1755#return; {25624#true} is VALID [2022-02-20 18:02:21,974 INFO L290 TraceCheckUtils]: 42: Hoare triple {25624#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {25624#true} is VALID [2022-02-20 18:02:21,974 INFO L290 TraceCheckUtils]: 43: Hoare triple {25624#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {25624#true} is VALID [2022-02-20 18:02:21,974 INFO L290 TraceCheckUtils]: 44: Hoare triple {25624#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25624#true} is VALID [2022-02-20 18:02:21,974 INFO L290 TraceCheckUtils]: 45: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {25624#true} is VALID [2022-02-20 18:02:21,974 INFO L290 TraceCheckUtils]: 46: Hoare triple {25624#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {25624#true} is VALID [2022-02-20 18:02:21,974 INFO L290 TraceCheckUtils]: 47: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {25624#true} is VALID [2022-02-20 18:02:21,974 INFO L290 TraceCheckUtils]: 48: Hoare triple {25624#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25624#true} is VALID [2022-02-20 18:02:21,975 INFO L290 TraceCheckUtils]: 49: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25624#true} is VALID [2022-02-20 18:02:21,975 INFO L290 TraceCheckUtils]: 50: Hoare triple {25624#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25624#true} is VALID [2022-02-20 18:02:21,975 INFO L290 TraceCheckUtils]: 51: Hoare triple {25624#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25624#true} is VALID [2022-02-20 18:02:21,975 INFO L290 TraceCheckUtils]: 52: Hoare triple {25624#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25624#true} is VALID [2022-02-20 18:02:21,975 INFO L290 TraceCheckUtils]: 53: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {25624#true} is VALID [2022-02-20 18:02:21,975 INFO L290 TraceCheckUtils]: 54: Hoare triple {25624#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {25624#true} is VALID [2022-02-20 18:02:21,975 INFO L290 TraceCheckUtils]: 55: Hoare triple {25624#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {25624#true} is VALID [2022-02-20 18:02:21,976 INFO L290 TraceCheckUtils]: 56: Hoare triple {25624#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25624#true} is VALID [2022-02-20 18:02:21,976 INFO L290 TraceCheckUtils]: 57: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25624#true} is VALID [2022-02-20 18:02:21,976 INFO L272 TraceCheckUtils]: 58: Hoare triple {25624#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25624#true} is VALID [2022-02-20 18:02:21,976 INFO L290 TraceCheckUtils]: 59: Hoare triple {25624#true} ~bob___0 := #in~bob___0; {25624#true} is VALID [2022-02-20 18:02:21,976 INFO L272 TraceCheckUtils]: 60: Hoare triple {25624#true} call setClientId(~bob___0, ~bob___0); {25624#true} is VALID [2022-02-20 18:02:21,976 INFO L290 TraceCheckUtils]: 61: Hoare triple {25624#true} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,976 INFO L290 TraceCheckUtils]: 62: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,977 INFO L290 TraceCheckUtils]: 63: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,977 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25624#true} {25624#true} #1739#return; {25624#true} is VALID [2022-02-20 18:02:21,977 INFO L290 TraceCheckUtils]: 65: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,977 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25624#true} {25624#true} #1757#return; {25624#true} is VALID [2022-02-20 18:02:21,977 INFO L272 TraceCheckUtils]: 67: Hoare triple {25624#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25624#true} is VALID [2022-02-20 18:02:21,977 INFO L290 TraceCheckUtils]: 68: Hoare triple {25624#true} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,977 INFO L290 TraceCheckUtils]: 69: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,977 INFO L290 TraceCheckUtils]: 70: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,978 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25624#true} {25624#true} #1759#return; {25624#true} is VALID [2022-02-20 18:02:21,978 INFO L290 TraceCheckUtils]: 72: Hoare triple {25624#true} assume { :end_inline_setup_bob__role__Keys } true; {25624#true} is VALID [2022-02-20 18:02:21,978 INFO L290 TraceCheckUtils]: 73: Hoare triple {25624#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25624#true} is VALID [2022-02-20 18:02:21,978 INFO L290 TraceCheckUtils]: 74: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25624#true} is VALID [2022-02-20 18:02:21,978 INFO L272 TraceCheckUtils]: 75: Hoare triple {25624#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25624#true} is VALID [2022-02-20 18:02:21,978 INFO L290 TraceCheckUtils]: 76: Hoare triple {25624#true} ~rjh___0 := #in~rjh___0; {25624#true} is VALID [2022-02-20 18:02:21,978 INFO L272 TraceCheckUtils]: 77: Hoare triple {25624#true} call setClientId(~rjh___0, ~rjh___0); {25624#true} is VALID [2022-02-20 18:02:21,979 INFO L290 TraceCheckUtils]: 78: Hoare triple {25624#true} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,979 INFO L290 TraceCheckUtils]: 79: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,979 INFO L290 TraceCheckUtils]: 80: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,979 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25624#true} {25624#true} #1691#return; {25624#true} is VALID [2022-02-20 18:02:21,979 INFO L290 TraceCheckUtils]: 82: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,979 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25624#true} {25624#true} #1763#return; {25624#true} is VALID [2022-02-20 18:02:21,979 INFO L272 TraceCheckUtils]: 84: Hoare triple {25624#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25624#true} is VALID [2022-02-20 18:02:21,980 INFO L290 TraceCheckUtils]: 85: Hoare triple {25624#true} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,980 INFO L290 TraceCheckUtils]: 86: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,980 INFO L290 TraceCheckUtils]: 87: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,980 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25624#true} {25624#true} #1765#return; {25624#true} is VALID [2022-02-20 18:02:21,980 INFO L290 TraceCheckUtils]: 89: Hoare triple {25624#true} assume { :end_inline_setup_rjh__role__Keys } true; {25624#true} is VALID [2022-02-20 18:02:21,980 INFO L290 TraceCheckUtils]: 90: Hoare triple {25624#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25624#true} is VALID [2022-02-20 18:02:21,980 INFO L290 TraceCheckUtils]: 91: Hoare triple {25624#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25624#true} is VALID [2022-02-20 18:02:21,980 INFO L272 TraceCheckUtils]: 92: Hoare triple {25624#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25624#true} is VALID [2022-02-20 18:02:21,981 INFO L290 TraceCheckUtils]: 93: Hoare triple {25624#true} ~chuck___0 := #in~chuck___0; {25624#true} is VALID [2022-02-20 18:02:21,981 INFO L272 TraceCheckUtils]: 94: Hoare triple {25624#true} call setClientId(~chuck___0, ~chuck___0); {25624#true} is VALID [2022-02-20 18:02:21,981 INFO L290 TraceCheckUtils]: 95: Hoare triple {25624#true} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,981 INFO L290 TraceCheckUtils]: 96: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,981 INFO L290 TraceCheckUtils]: 97: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,981 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25624#true} {25624#true} #1629#return; {25624#true} is VALID [2022-02-20 18:02:21,981 INFO L290 TraceCheckUtils]: 99: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,981 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25624#true} {25624#true} #1769#return; {25624#true} is VALID [2022-02-20 18:02:21,982 INFO L272 TraceCheckUtils]: 101: Hoare triple {25624#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25624#true} is VALID [2022-02-20 18:02:21,982 INFO L290 TraceCheckUtils]: 102: Hoare triple {25624#true} ~handle := #in~handle;~value := #in~value; {25624#true} is VALID [2022-02-20 18:02:21,982 INFO L290 TraceCheckUtils]: 103: Hoare triple {25624#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25624#true} is VALID [2022-02-20 18:02:21,982 INFO L290 TraceCheckUtils]: 104: Hoare triple {25624#true} assume true; {25624#true} is VALID [2022-02-20 18:02:21,982 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25624#true} {25624#true} #1771#return; {25624#true} is VALID [2022-02-20 18:02:21,982 INFO L290 TraceCheckUtils]: 106: Hoare triple {25624#true} assume { :end_inline_setup_chuck__role__Keys } true; {25624#true} is VALID [2022-02-20 18:02:21,982 INFO L290 TraceCheckUtils]: 107: Hoare triple {25624#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {25624#true} is VALID [2022-02-20 18:02:21,983 INFO L290 TraceCheckUtils]: 108: Hoare triple {25624#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26080#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:21,983 INFO L290 TraceCheckUtils]: 109: Hoare triple {26080#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {26080#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:21,984 INFO L290 TraceCheckUtils]: 110: Hoare triple {26080#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {26080#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:21,984 INFO L290 TraceCheckUtils]: 111: Hoare triple {26080#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26080#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:21,984 INFO L290 TraceCheckUtils]: 112: Hoare triple {26080#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {25625#false} is VALID [2022-02-20 18:02:21,984 INFO L290 TraceCheckUtils]: 113: Hoare triple {25625#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {25625#false} is VALID [2022-02-20 18:02:21,984 INFO L290 TraceCheckUtils]: 114: Hoare triple {25625#false} assume 0 != test_~tmp___8~0#1; {25625#false} is VALID [2022-02-20 18:02:21,985 INFO L290 TraceCheckUtils]: 115: Hoare triple {25625#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25625#false} is VALID [2022-02-20 18:02:21,985 INFO L290 TraceCheckUtils]: 116: Hoare triple {25625#false} test_~op2~0#1 := 1; {25625#false} is VALID [2022-02-20 18:02:21,985 INFO L290 TraceCheckUtils]: 117: Hoare triple {25625#false} assume !false; {25625#false} is VALID [2022-02-20 18:02:21,985 INFO L290 TraceCheckUtils]: 118: Hoare triple {25625#false} assume !(test_~splverifierCounter~0#1 < 4); {25625#false} is VALID [2022-02-20 18:02:21,985 INFO L290 TraceCheckUtils]: 119: Hoare triple {25625#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {25625#false} is VALID [2022-02-20 18:02:21,985 INFO L272 TraceCheckUtils]: 120: Hoare triple {25625#false} call sendEmail(~bob~0, ~rjh~0); {25625#false} is VALID [2022-02-20 18:02:21,985 INFO L290 TraceCheckUtils]: 121: Hoare triple {25625#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25625#false} is VALID [2022-02-20 18:02:21,986 INFO L272 TraceCheckUtils]: 122: Hoare triple {25625#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25625#false} is VALID [2022-02-20 18:02:21,986 INFO L290 TraceCheckUtils]: 123: Hoare triple {25625#false} ~handle := #in~handle;~value := #in~value; {25625#false} is VALID [2022-02-20 18:02:21,986 INFO L290 TraceCheckUtils]: 124: Hoare triple {25625#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25625#false} is VALID [2022-02-20 18:02:21,986 INFO L290 TraceCheckUtils]: 125: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:21,986 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25625#false} {25625#false} #1651#return; {25625#false} is VALID [2022-02-20 18:02:21,986 INFO L272 TraceCheckUtils]: 127: Hoare triple {25625#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25625#false} is VALID [2022-02-20 18:02:21,986 INFO L290 TraceCheckUtils]: 128: Hoare triple {25625#false} ~handle := #in~handle;~value := #in~value; {25625#false} is VALID [2022-02-20 18:02:21,987 INFO L290 TraceCheckUtils]: 129: Hoare triple {25625#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25625#false} is VALID [2022-02-20 18:02:21,987 INFO L290 TraceCheckUtils]: 130: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:21,987 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25625#false} {25625#false} #1653#return; {25625#false} is VALID [2022-02-20 18:02:21,987 INFO L290 TraceCheckUtils]: 132: Hoare triple {25625#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {25625#false} is VALID [2022-02-20 18:02:21,987 INFO L290 TraceCheckUtils]: 133: Hoare triple {25625#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {25625#false} is VALID [2022-02-20 18:02:21,987 INFO L272 TraceCheckUtils]: 134: Hoare triple {25625#false} call outgoing(~sender#1, ~email~0#1); {25625#false} is VALID [2022-02-20 18:02:21,987 INFO L290 TraceCheckUtils]: 135: Hoare triple {25625#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25625#false} is VALID [2022-02-20 18:02:21,987 INFO L290 TraceCheckUtils]: 136: Hoare triple {25625#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25625#false} is VALID [2022-02-20 18:02:21,988 INFO L272 TraceCheckUtils]: 137: Hoare triple {25625#false} call outgoing__before__Sign(~client#1, ~msg#1); {25625#false} is VALID [2022-02-20 18:02:21,988 INFO L290 TraceCheckUtils]: 138: Hoare triple {25625#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25625#false} is VALID [2022-02-20 18:02:21,988 INFO L290 TraceCheckUtils]: 139: Hoare triple {25625#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret105#1, outgoing__role__AddressBook_#t~ret106#1, outgoing__role__AddressBook_#t~ret107#1, outgoing__role__AddressBook_#t~ret108#1, outgoing__role__AddressBook_#t~ret109#1, outgoing__role__AddressBook_#t~ret110#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~19#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~8#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~4#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~19#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~8#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~4#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {25625#false} is VALID [2022-02-20 18:02:21,988 INFO L272 TraceCheckUtils]: 140: Hoare triple {25625#false} call outgoing__role__AddressBook_#t~ret105#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {25625#false} is VALID [2022-02-20 18:02:21,988 INFO L290 TraceCheckUtils]: 141: Hoare triple {25625#false} ~handle := #in~handle;havoc ~retValue_acc~13; {25625#false} is VALID [2022-02-20 18:02:21,988 INFO L290 TraceCheckUtils]: 142: Hoare triple {25625#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {25625#false} is VALID [2022-02-20 18:02:21,988 INFO L290 TraceCheckUtils]: 143: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:21,989 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {25625#false} {25625#false} #1631#return; {25625#false} is VALID [2022-02-20 18:02:21,989 INFO L290 TraceCheckUtils]: 145: Hoare triple {25625#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret105#1 && outgoing__role__AddressBook_#t~ret105#1 <= 2147483647;outgoing__role__AddressBook_~tmp~19#1 := outgoing__role__AddressBook_#t~ret105#1;havoc outgoing__role__AddressBook_#t~ret105#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~19#1; {25625#false} is VALID [2022-02-20 18:02:21,989 INFO L290 TraceCheckUtils]: 146: Hoare triple {25625#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {25625#false} is VALID [2022-02-20 18:02:21,989 INFO L272 TraceCheckUtils]: 147: Hoare triple {25625#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {25625#false} is VALID [2022-02-20 18:02:21,989 INFO L290 TraceCheckUtils]: 148: Hoare triple {25625#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25625#false} is VALID [2022-02-20 18:02:21,989 INFO L290 TraceCheckUtils]: 149: Hoare triple {25625#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {25625#false} is VALID [2022-02-20 18:02:21,989 INFO L272 TraceCheckUtils]: 150: Hoare triple {25625#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {25625#false} is VALID [2022-02-20 18:02:21,989 INFO L290 TraceCheckUtils]: 151: Hoare triple {25625#false} ~handle := #in~handle;havoc ~retValue_acc~32; {25625#false} is VALID [2022-02-20 18:02:21,990 INFO L290 TraceCheckUtils]: 152: Hoare triple {25625#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {25625#false} is VALID [2022-02-20 18:02:21,990 INFO L290 TraceCheckUtils]: 153: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:21,990 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25625#false} {25625#false} #1617#return; {25625#false} is VALID [2022-02-20 18:02:21,990 INFO L290 TraceCheckUtils]: 155: Hoare triple {25625#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {25625#false} is VALID [2022-02-20 18:02:21,990 INFO L272 TraceCheckUtils]: 156: Hoare triple {25625#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {25625#false} is VALID [2022-02-20 18:02:22,002 INFO L290 TraceCheckUtils]: 157: Hoare triple {25625#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {25625#false} is VALID [2022-02-20 18:02:22,003 INFO L290 TraceCheckUtils]: 158: Hoare triple {25625#false} assume 1 == ~handle; {25625#false} is VALID [2022-02-20 18:02:22,003 INFO L290 TraceCheckUtils]: 159: Hoare triple {25625#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {25625#false} is VALID [2022-02-20 18:02:22,003 INFO L290 TraceCheckUtils]: 160: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:22,003 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {25625#false} {25625#false} #1619#return; {25625#false} is VALID [2022-02-20 18:02:22,003 INFO L290 TraceCheckUtils]: 162: Hoare triple {25625#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {25625#false} is VALID [2022-02-20 18:02:22,003 INFO L290 TraceCheckUtils]: 163: Hoare triple {25625#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {25625#false} is VALID [2022-02-20 18:02:22,003 INFO L272 TraceCheckUtils]: 164: Hoare triple {25625#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {25625#false} is VALID [2022-02-20 18:02:22,004 INFO L290 TraceCheckUtils]: 165: Hoare triple {25625#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {25625#false} is VALID [2022-02-20 18:02:22,004 INFO L290 TraceCheckUtils]: 166: Hoare triple {25625#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {25625#false} is VALID [2022-02-20 18:02:22,004 INFO L290 TraceCheckUtils]: 167: Hoare triple {25625#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {25625#false} is VALID [2022-02-20 18:02:22,004 INFO L272 TraceCheckUtils]: 168: Hoare triple {25625#false} call setEmailFrom(~msg#1, ~tmp~17#1); {25625#false} is VALID [2022-02-20 18:02:22,004 INFO L290 TraceCheckUtils]: 169: Hoare triple {25625#false} ~handle := #in~handle;~value := #in~value; {25625#false} is VALID [2022-02-20 18:02:22,004 INFO L290 TraceCheckUtils]: 170: Hoare triple {25625#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25625#false} is VALID [2022-02-20 18:02:22,004 INFO L290 TraceCheckUtils]: 171: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:22,005 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25625#false} {25625#false} #1663#return; {25625#false} is VALID [2022-02-20 18:02:22,005 INFO L290 TraceCheckUtils]: 173: Hoare triple {25625#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {25625#false} is VALID [2022-02-20 18:02:22,005 INFO L272 TraceCheckUtils]: 174: Hoare triple {25625#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {25625#false} is VALID [2022-02-20 18:02:22,005 INFO L290 TraceCheckUtils]: 175: Hoare triple {25625#false} ~handle := #in~handle;havoc ~retValue_acc~35; {25625#false} is VALID [2022-02-20 18:02:22,005 INFO L290 TraceCheckUtils]: 176: Hoare triple {25625#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {25625#false} is VALID [2022-02-20 18:02:22,005 INFO L290 TraceCheckUtils]: 177: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:22,005 INFO L284 TraceCheckUtils]: 178: Hoare quadruple {25625#false} {25625#false} #1665#return; {25625#false} is VALID [2022-02-20 18:02:22,005 INFO L290 TraceCheckUtils]: 179: Hoare triple {25625#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {25625#false} is VALID [2022-02-20 18:02:22,006 INFO L290 TraceCheckUtils]: 180: Hoare triple {25625#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {25625#false} is VALID [2022-02-20 18:02:22,006 INFO L272 TraceCheckUtils]: 181: Hoare triple {25625#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {25625#false} is VALID [2022-02-20 18:02:22,006 INFO L290 TraceCheckUtils]: 182: Hoare triple {25625#false} ~handle := #in~handle;havoc ~retValue_acc~32; {25625#false} is VALID [2022-02-20 18:02:22,006 INFO L290 TraceCheckUtils]: 183: Hoare triple {25625#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {25625#false} is VALID [2022-02-20 18:02:22,006 INFO L290 TraceCheckUtils]: 184: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:22,006 INFO L284 TraceCheckUtils]: 185: Hoare quadruple {25625#false} {25625#false} #1667#return; {25625#false} is VALID [2022-02-20 18:02:22,006 INFO L290 TraceCheckUtils]: 186: Hoare triple {25625#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {25625#false} is VALID [2022-02-20 18:02:22,007 INFO L290 TraceCheckUtils]: 187: Hoare triple {25625#false} assume 1 == ~sent_encrypted~0; {25625#false} is VALID [2022-02-20 18:02:22,007 INFO L272 TraceCheckUtils]: 188: Hoare triple {25625#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {25625#false} is VALID [2022-02-20 18:02:22,007 INFO L290 TraceCheckUtils]: 189: Hoare triple {25625#false} ~handle := #in~handle;havoc ~retValue_acc~19; {25625#false} is VALID [2022-02-20 18:02:22,007 INFO L290 TraceCheckUtils]: 190: Hoare triple {25625#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {25625#false} is VALID [2022-02-20 18:02:22,007 INFO L290 TraceCheckUtils]: 191: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:22,007 INFO L284 TraceCheckUtils]: 192: Hoare quadruple {25625#false} {25625#false} #1669#return; {25625#false} is VALID [2022-02-20 18:02:22,007 INFO L290 TraceCheckUtils]: 193: Hoare triple {25625#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {25625#false} is VALID [2022-02-20 18:02:22,007 INFO L272 TraceCheckUtils]: 194: Hoare triple {25625#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {25625#false} is VALID [2022-02-20 18:02:22,008 INFO L290 TraceCheckUtils]: 195: Hoare triple {25625#false} ~handle := #in~handle;havoc ~retValue_acc~36; {25625#false} is VALID [2022-02-20 18:02:22,008 INFO L290 TraceCheckUtils]: 196: Hoare triple {25625#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {25625#false} is VALID [2022-02-20 18:02:22,008 INFO L290 TraceCheckUtils]: 197: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:22,008 INFO L284 TraceCheckUtils]: 198: Hoare quadruple {25625#false} {25625#false} #1671#return; {25625#false} is VALID [2022-02-20 18:02:22,008 INFO L290 TraceCheckUtils]: 199: Hoare triple {25625#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {25625#false} is VALID [2022-02-20 18:02:22,008 INFO L272 TraceCheckUtils]: 200: Hoare triple {25625#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {25625#false} is VALID [2022-02-20 18:02:22,008 INFO L290 TraceCheckUtils]: 201: Hoare triple {25625#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {25625#false} is VALID [2022-02-20 18:02:22,008 INFO L290 TraceCheckUtils]: 202: Hoare triple {25625#false} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {25625#false} is VALID [2022-02-20 18:02:22,009 INFO L290 TraceCheckUtils]: 203: Hoare triple {25625#false} assume true; {25625#false} is VALID [2022-02-20 18:02:22,009 INFO L284 TraceCheckUtils]: 204: Hoare quadruple {25625#false} {25625#false} #1673#return; {25625#false} is VALID [2022-02-20 18:02:22,009 INFO L290 TraceCheckUtils]: 205: Hoare triple {25625#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {25625#false} is VALID [2022-02-20 18:02:22,009 INFO L290 TraceCheckUtils]: 206: Hoare triple {25625#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {25625#false} is VALID [2022-02-20 18:02:22,009 INFO L290 TraceCheckUtils]: 207: Hoare triple {25625#false} assume !false; {25625#false} is VALID [2022-02-20 18:02:22,010 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 116 trivial. 0 not checked. [2022-02-20 18:02:22,011 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:22,011 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1070474655] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:22,011 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:22,011 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:02:22,011 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1213514522] [2022-02-20 18:02:22,011 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:22,012 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 38.333333333333336) internal successors, (115), 3 states have internal predecessors, (115), 2 states have call successors, (33), 2 states have call predecessors, (33), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) Word has length 208 [2022-02-20 18:02:22,015 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:22,015 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 38.333333333333336) internal successors, (115), 3 states have internal predecessors, (115), 2 states have call successors, (33), 2 states have call predecessors, (33), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 18:02:22,126 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 176 edges. 176 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:22,127 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:02:22,127 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:22,127 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:02:22,127 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:22,128 INFO L87 Difference]: Start difference. First operand 598 states and 858 transitions. Second operand has 3 states, 3 states have (on average 38.333333333333336) internal successors, (115), 3 states have internal predecessors, (115), 2 states have call successors, (33), 2 states have call predecessors, (33), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 18:02:22,906 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:22,919 INFO L93 Difference]: Finished difference Result 1216 states and 1777 transitions. [2022-02-20 18:02:22,919 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:22,920 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 38.333333333333336) internal successors, (115), 3 states have internal predecessors, (115), 2 states have call successors, (33), 2 states have call predecessors, (33), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) Word has length 208 [2022-02-20 18:02:22,920 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:22,921 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 38.333333333333336) internal successors, (115), 3 states have internal predecessors, (115), 2 states have call successors, (33), 2 states have call predecessors, (33), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 18:02:22,955 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1773 transitions. [2022-02-20 18:02:22,955 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 38.333333333333336) internal successors, (115), 3 states have internal predecessors, (115), 2 states have call successors, (33), 2 states have call predecessors, (33), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 18:02:22,989 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1773 transitions. [2022-02-20 18:02:22,989 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1773 transitions. [2022-02-20 18:02:24,040 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1773 edges. 1773 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:24,065 INFO L225 Difference]: With dead ends: 1216 [2022-02-20 18:02:24,066 INFO L226 Difference]: Without dead ends: 696 [2022-02-20 18:02:24,067 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 269 GetRequests, 258 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:24,068 INFO L933 BasicCegarLoop]: 882 mSDtfsCounter, 165 mSDsluCounter, 804 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1686 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:24,068 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 1686 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:24,069 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 696 states. [2022-02-20 18:02:24,106 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 696 to 688. [2022-02-20 18:02:24,107 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:24,108 INFO L82 GeneralOperation]: Start isEquivalent. First operand 696 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 535 states have internal predecessors, (767), 119 states have call successors, (119), 44 states have call predecessors, (119), 44 states have return successors, (118), 117 states have call predecessors, (118), 118 states have call successors, (118) [2022-02-20 18:02:24,109 INFO L74 IsIncluded]: Start isIncluded. First operand 696 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 535 states have internal predecessors, (767), 119 states have call successors, (119), 44 states have call predecessors, (119), 44 states have return successors, (118), 117 states have call predecessors, (118), 118 states have call successors, (118) [2022-02-20 18:02:24,110 INFO L87 Difference]: Start difference. First operand 696 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 535 states have internal predecessors, (767), 119 states have call successors, (119), 44 states have call predecessors, (119), 44 states have return successors, (118), 117 states have call predecessors, (118), 118 states have call successors, (118) [2022-02-20 18:02:24,128 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:24,129 INFO L93 Difference]: Finished difference Result 696 states and 1013 transitions. [2022-02-20 18:02:24,129 INFO L276 IsEmpty]: Start isEmpty. Operand 696 states and 1013 transitions. [2022-02-20 18:02:24,130 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:24,130 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:24,133 INFO L74 IsIncluded]: Start isIncluded. First operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 535 states have internal predecessors, (767), 119 states have call successors, (119), 44 states have call predecessors, (119), 44 states have return successors, (118), 117 states have call predecessors, (118), 118 states have call successors, (118) Second operand 696 states. [2022-02-20 18:02:24,133 INFO L87 Difference]: Start difference. First operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 535 states have internal predecessors, (767), 119 states have call successors, (119), 44 states have call predecessors, (119), 44 states have return successors, (118), 117 states have call predecessors, (118), 118 states have call successors, (118) Second operand 696 states. [2022-02-20 18:02:24,152 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:24,152 INFO L93 Difference]: Finished difference Result 696 states and 1013 transitions. [2022-02-20 18:02:24,152 INFO L276 IsEmpty]: Start isEmpty. Operand 696 states and 1013 transitions. [2022-02-20 18:02:24,154 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:24,155 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:24,155 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:24,155 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:24,156 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 535 states have internal predecessors, (767), 119 states have call successors, (119), 44 states have call predecessors, (119), 44 states have return successors, (118), 117 states have call predecessors, (118), 118 states have call successors, (118) [2022-02-20 18:02:24,180 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 688 states to 688 states and 1004 transitions. [2022-02-20 18:02:24,180 INFO L78 Accepts]: Start accepts. Automaton has 688 states and 1004 transitions. Word has length 208 [2022-02-20 18:02:24,181 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:24,181 INFO L470 AbstractCegarLoop]: Abstraction has 688 states and 1004 transitions. [2022-02-20 18:02:24,181 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 38.333333333333336) internal successors, (115), 3 states have internal predecessors, (115), 2 states have call successors, (33), 2 states have call predecessors, (33), 2 states have return successors, (28), 2 states have call predecessors, (28), 2 states have call successors, (28) [2022-02-20 18:02:24,181 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1004 transitions. [2022-02-20 18:02:24,183 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 210 [2022-02-20 18:02:24,183 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:24,184 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:24,219 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:24,401 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2022-02-20 18:02:24,401 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:24,402 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:24,402 INFO L85 PathProgramCache]: Analyzing trace with hash 1896652287, now seen corresponding path program 1 times [2022-02-20 18:02:24,402 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:24,402 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [928593655] [2022-02-20 18:02:24,402 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:24,402 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:24,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,479 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:02:24,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,483 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,484 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,484 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30392#true} {30392#true} #1741#return; {30392#true} is VALID [2022-02-20 18:02:24,484 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:02:24,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,487 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,488 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30392#true} {30392#true} #1743#return; {30392#true} is VALID [2022-02-20 18:02:24,488 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:02:24,489 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,491 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30392#true} {30392#true} #1745#return; {30392#true} is VALID [2022-02-20 18:02:24,491 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:24,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,494 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,494 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30392#true} {30392#true} #1747#return; {30392#true} is VALID [2022-02-20 18:02:24,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:02:24,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,498 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,498 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30392#true} {30392#true} #1749#return; {30392#true} is VALID [2022-02-20 18:02:24,498 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:02:24,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,501 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,501 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,501 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30392#true} {30392#true} #1751#return; {30392#true} is VALID [2022-02-20 18:02:24,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:02:24,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,504 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,504 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,504 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30392#true} {30392#true} #1753#return; {30392#true} is VALID [2022-02-20 18:02:24,504 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:24,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,508 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,508 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {30392#true} {30392#true} #1755#return; {30392#true} is VALID [2022-02-20 18:02:24,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:24,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,516 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:24,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,518 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30392#true} #1739#return; {30392#true} is VALID [2022-02-20 18:02:24,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {30392#true} is VALID [2022-02-20 18:02:24,519 INFO L272 TraceCheckUtils]: 1: Hoare triple {30392#true} call setClientId(~bob___0, ~bob___0); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,519 INFO L290 TraceCheckUtils]: 3: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,519 INFO L290 TraceCheckUtils]: 4: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,519 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30392#true} {30392#true} #1739#return; {30392#true} is VALID [2022-02-20 18:02:24,520 INFO L290 TraceCheckUtils]: 6: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,520 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {30392#true} {30392#true} #1757#return; {30392#true} is VALID [2022-02-20 18:02:24,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:02:24,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,528 INFO L290 TraceCheckUtils]: 0: Hoare triple {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,529 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,529 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,529 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30392#true} #1759#return; {30392#true} is VALID [2022-02-20 18:02:24,529 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:02:24,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,543 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:24,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30513#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:24,561 INFO L290 TraceCheckUtils]: 1: Hoare triple {30513#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:24,561 INFO L290 TraceCheckUtils]: 2: Hoare triple {30514#(= |setClientId_#in~handle| 1)} assume true; {30514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:24,562 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30514#(= |setClientId_#in~handle| 1)} {30507#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:24,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {30507#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:24,563 INFO L272 TraceCheckUtils]: 1: Hoare triple {30507#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,563 INFO L290 TraceCheckUtils]: 2: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30513#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:24,563 INFO L290 TraceCheckUtils]: 3: Hoare triple {30513#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:24,564 INFO L290 TraceCheckUtils]: 4: Hoare triple {30514#(= |setClientId_#in~handle| 1)} assume true; {30514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:24,564 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30514#(= |setClientId_#in~handle| 1)} {30507#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:24,565 INFO L290 TraceCheckUtils]: 6: Hoare triple {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:24,565 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30431#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1763#return; {30393#false} is VALID [2022-02-20 18:02:24,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:02:24,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,569 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,569 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1765#return; {30393#false} is VALID [2022-02-20 18:02:24,569 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:02:24,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,573 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:24,574 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,575 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,576 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30392#true} #1629#return; {30392#true} is VALID [2022-02-20 18:02:24,576 INFO L290 TraceCheckUtils]: 0: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {30392#true} is VALID [2022-02-20 18:02:24,576 INFO L272 TraceCheckUtils]: 1: Hoare triple {30392#true} call setClientId(~chuck___0, ~chuck___0); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,577 INFO L290 TraceCheckUtils]: 3: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,577 INFO L290 TraceCheckUtils]: 4: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,577 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30392#true} {30392#true} #1629#return; {30392#true} is VALID [2022-02-20 18:02:24,577 INFO L290 TraceCheckUtils]: 6: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,577 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {30392#true} {30393#false} #1769#return; {30393#false} is VALID [2022-02-20 18:02:24,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:24,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,581 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,582 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,582 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1771#return; {30393#false} is VALID [2022-02-20 18:02:24,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:02:24,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {30519#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,592 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,592 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1651#return; {30393#false} is VALID [2022-02-20 18:02:24,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:02:24,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,602 INFO L290 TraceCheckUtils]: 0: Hoare triple {30520#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,603 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1653#return; {30393#false} is VALID [2022-02-20 18:02:24,603 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 18:02:24,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,605 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~13; {30392#true} is VALID [2022-02-20 18:02:24,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {30392#true} is VALID [2022-02-20 18:02:24,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,605 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1631#return; {30393#false} is VALID [2022-02-20 18:02:24,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 151 [2022-02-20 18:02:24,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,607 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~32; {30392#true} is VALID [2022-02-20 18:02:24,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {30392#true} is VALID [2022-02-20 18:02:24,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,607 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1617#return; {30393#false} is VALID [2022-02-20 18:02:24,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 18:02:24,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,610 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {30392#true} is VALID [2022-02-20 18:02:24,610 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle; {30392#true} is VALID [2022-02-20 18:02:24,610 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {30392#true} is VALID [2022-02-20 18:02:24,610 INFO L290 TraceCheckUtils]: 3: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,610 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30392#true} {30393#false} #1619#return; {30393#false} is VALID [2022-02-20 18:02:24,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-02-20 18:02:24,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {30519#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,613 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1663#return; {30393#false} is VALID [2022-02-20 18:02:24,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 175 [2022-02-20 18:02:24,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~35; {30392#true} is VALID [2022-02-20 18:02:24,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {30392#true} is VALID [2022-02-20 18:02:24,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,615 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1665#return; {30393#false} is VALID [2022-02-20 18:02:24,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 182 [2022-02-20 18:02:24,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~32; {30392#true} is VALID [2022-02-20 18:02:24,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {30392#true} is VALID [2022-02-20 18:02:24,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1667#return; {30393#false} is VALID [2022-02-20 18:02:24,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 189 [2022-02-20 18:02:24,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~19; {30392#true} is VALID [2022-02-20 18:02:24,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {30392#true} is VALID [2022-02-20 18:02:24,620 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,620 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1669#return; {30393#false} is VALID [2022-02-20 18:02:24,620 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 195 [2022-02-20 18:02:24,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30392#true} is VALID [2022-02-20 18:02:24,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {30392#true} is VALID [2022-02-20 18:02:24,625 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,625 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1671#return; {30393#false} is VALID [2022-02-20 18:02:24,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 201 [2022-02-20 18:02:24,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {30392#true} is VALID [2022-02-20 18:02:24,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {30392#true} is VALID [2022-02-20 18:02:24,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,627 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30392#true} {30393#false} #1673#return; {30393#false} is VALID [2022-02-20 18:02:24,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L272 TraceCheckUtils]: 3: Hoare triple {30392#true} call select_features_#t~ret58#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L290 TraceCheckUtils]: 4: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L290 TraceCheckUtils]: 5: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {30392#true} {30392#true} #1741#return; {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L290 TraceCheckUtils]: 7: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L272 TraceCheckUtils]: 8: Hoare triple {30392#true} call select_features_#t~ret59#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:24,628 INFO L290 TraceCheckUtils]: 9: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L290 TraceCheckUtils]: 10: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {30392#true} {30392#true} #1743#return; {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L290 TraceCheckUtils]: 12: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L272 TraceCheckUtils]: 13: Hoare triple {30392#true} call select_features_#t~ret60#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L290 TraceCheckUtils]: 14: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L290 TraceCheckUtils]: 15: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30392#true} {30392#true} #1745#return; {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L290 TraceCheckUtils]: 17: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L272 TraceCheckUtils]: 18: Hoare triple {30392#true} call select_features_#t~ret61#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:24,629 INFO L290 TraceCheckUtils]: 19: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L290 TraceCheckUtils]: 20: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {30392#true} {30392#true} #1747#return; {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L290 TraceCheckUtils]: 22: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L272 TraceCheckUtils]: 23: Hoare triple {30392#true} call select_features_#t~ret62#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L290 TraceCheckUtils]: 24: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L290 TraceCheckUtils]: 25: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {30392#true} {30392#true} #1749#return; {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L290 TraceCheckUtils]: 27: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L272 TraceCheckUtils]: 28: Hoare triple {30392#true} call select_features_#t~ret63#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:24,630 INFO L290 TraceCheckUtils]: 29: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L290 TraceCheckUtils]: 30: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {30392#true} {30392#true} #1751#return; {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L290 TraceCheckUtils]: 32: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L272 TraceCheckUtils]: 33: Hoare triple {30392#true} call select_features_#t~ret64#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L290 TraceCheckUtils]: 34: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L290 TraceCheckUtils]: 35: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {30392#true} {30392#true} #1753#return; {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L290 TraceCheckUtils]: 37: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {30392#true} is VALID [2022-02-20 18:02:24,631 INFO L272 TraceCheckUtils]: 38: Hoare triple {30392#true} call select_features_#t~ret65#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 39: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 40: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {30392#true} {30392#true} #1755#return; {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 42: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 43: Hoare triple {30392#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 44: Hoare triple {30392#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 45: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 46: Hoare triple {30392#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 47: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {30392#true} is VALID [2022-02-20 18:02:24,632 INFO L290 TraceCheckUtils]: 48: Hoare triple {30392#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 49: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 50: Hoare triple {30392#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 51: Hoare triple {30392#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 52: Hoare triple {30392#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 53: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 54: Hoare triple {30392#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 55: Hoare triple {30392#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 56: Hoare triple {30392#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {30392#true} is VALID [2022-02-20 18:02:24,633 INFO L290 TraceCheckUtils]: 57: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {30392#true} is VALID [2022-02-20 18:02:24,634 INFO L272 TraceCheckUtils]: 58: Hoare triple {30392#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,634 INFO L290 TraceCheckUtils]: 59: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {30392#true} is VALID [2022-02-20 18:02:24,635 INFO L272 TraceCheckUtils]: 60: Hoare triple {30392#true} call setClientId(~bob___0, ~bob___0); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,635 INFO L290 TraceCheckUtils]: 61: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,635 INFO L290 TraceCheckUtils]: 62: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,635 INFO L290 TraceCheckUtils]: 63: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,635 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {30392#true} {30392#true} #1739#return; {30392#true} is VALID [2022-02-20 18:02:24,635 INFO L290 TraceCheckUtils]: 65: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,635 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {30392#true} {30392#true} #1757#return; {30392#true} is VALID [2022-02-20 18:02:24,636 INFO L272 TraceCheckUtils]: 67: Hoare triple {30392#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:24,636 INFO L290 TraceCheckUtils]: 68: Hoare triple {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,636 INFO L290 TraceCheckUtils]: 69: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,636 INFO L290 TraceCheckUtils]: 70: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,636 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {30392#true} {30392#true} #1759#return; {30392#true} is VALID [2022-02-20 18:02:24,636 INFO L290 TraceCheckUtils]: 72: Hoare triple {30392#true} assume { :end_inline_setup_bob__role__Keys } true; {30392#true} is VALID [2022-02-20 18:02:24,637 INFO L290 TraceCheckUtils]: 73: Hoare triple {30392#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {30430#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:24,637 INFO L290 TraceCheckUtils]: 74: Hoare triple {30430#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {30431#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:24,638 INFO L272 TraceCheckUtils]: 75: Hoare triple {30431#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,638 INFO L290 TraceCheckUtils]: 76: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {30507#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:24,639 INFO L272 TraceCheckUtils]: 77: Hoare triple {30507#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,639 INFO L290 TraceCheckUtils]: 78: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30513#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:24,639 INFO L290 TraceCheckUtils]: 79: Hoare triple {30513#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:24,640 INFO L290 TraceCheckUtils]: 80: Hoare triple {30514#(= |setClientId_#in~handle| 1)} assume true; {30514#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:24,640 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30514#(= |setClientId_#in~handle| 1)} {30507#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:24,640 INFO L290 TraceCheckUtils]: 82: Hoare triple {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:24,641 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {30512#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30431#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1763#return; {30393#false} is VALID [2022-02-20 18:02:24,641 INFO L272 TraceCheckUtils]: 84: Hoare triple {30393#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:24,641 INFO L290 TraceCheckUtils]: 85: Hoare triple {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,641 INFO L290 TraceCheckUtils]: 86: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,641 INFO L290 TraceCheckUtils]: 87: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,641 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {30392#true} {30393#false} #1765#return; {30393#false} is VALID [2022-02-20 18:02:24,641 INFO L290 TraceCheckUtils]: 89: Hoare triple {30393#false} assume { :end_inline_setup_rjh__role__Keys } true; {30393#false} is VALID [2022-02-20 18:02:24,641 INFO L290 TraceCheckUtils]: 90: Hoare triple {30393#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {30393#false} is VALID [2022-02-20 18:02:24,642 INFO L290 TraceCheckUtils]: 91: Hoare triple {30393#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {30393#false} is VALID [2022-02-20 18:02:24,642 INFO L272 TraceCheckUtils]: 92: Hoare triple {30393#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,642 INFO L290 TraceCheckUtils]: 93: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {30392#true} is VALID [2022-02-20 18:02:24,642 INFO L272 TraceCheckUtils]: 94: Hoare triple {30392#true} call setClientId(~chuck___0, ~chuck___0); {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,642 INFO L290 TraceCheckUtils]: 95: Hoare triple {30501#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,643 INFO L290 TraceCheckUtils]: 96: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,643 INFO L290 TraceCheckUtils]: 97: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,643 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {30392#true} {30392#true} #1629#return; {30392#true} is VALID [2022-02-20 18:02:24,643 INFO L290 TraceCheckUtils]: 99: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,643 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {30392#true} {30393#false} #1769#return; {30393#false} is VALID [2022-02-20 18:02:24,643 INFO L272 TraceCheckUtils]: 101: Hoare triple {30393#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:24,643 INFO L290 TraceCheckUtils]: 102: Hoare triple {30506#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,643 INFO L290 TraceCheckUtils]: 103: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,643 INFO L290 TraceCheckUtils]: 104: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,643 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {30392#true} {30393#false} #1771#return; {30393#false} is VALID [2022-02-20 18:02:24,644 INFO L290 TraceCheckUtils]: 106: Hoare triple {30393#false} assume { :end_inline_setup_chuck__role__Keys } true; {30393#false} is VALID [2022-02-20 18:02:24,644 INFO L290 TraceCheckUtils]: 107: Hoare triple {30393#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {30393#false} is VALID [2022-02-20 18:02:24,644 INFO L290 TraceCheckUtils]: 108: Hoare triple {30393#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30393#false} is VALID [2022-02-20 18:02:24,644 INFO L290 TraceCheckUtils]: 109: Hoare triple {30393#false} assume !false; {30393#false} is VALID [2022-02-20 18:02:24,644 INFO L290 TraceCheckUtils]: 110: Hoare triple {30393#false} assume test_~splverifierCounter~0#1 < 4; {30393#false} is VALID [2022-02-20 18:02:24,644 INFO L290 TraceCheckUtils]: 111: Hoare triple {30393#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30393#false} is VALID [2022-02-20 18:02:24,644 INFO L290 TraceCheckUtils]: 112: Hoare triple {30393#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {30393#false} is VALID [2022-02-20 18:02:24,644 INFO L290 TraceCheckUtils]: 113: Hoare triple {30393#false} assume !(0 != test_~tmp___9~0#1); {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L290 TraceCheckUtils]: 114: Hoare triple {30393#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L290 TraceCheckUtils]: 115: Hoare triple {30393#false} assume 0 != test_~tmp___8~0#1; {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L290 TraceCheckUtils]: 116: Hoare triple {30393#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L290 TraceCheckUtils]: 117: Hoare triple {30393#false} test_~op2~0#1 := 1; {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L290 TraceCheckUtils]: 118: Hoare triple {30393#false} assume !false; {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L290 TraceCheckUtils]: 119: Hoare triple {30393#false} assume !(test_~splverifierCounter~0#1 < 4); {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L290 TraceCheckUtils]: 120: Hoare triple {30393#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L272 TraceCheckUtils]: 121: Hoare triple {30393#false} call sendEmail(~bob~0, ~rjh~0); {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L290 TraceCheckUtils]: 122: Hoare triple {30393#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30393#false} is VALID [2022-02-20 18:02:24,645 INFO L272 TraceCheckUtils]: 123: Hoare triple {30393#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30519#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:24,646 INFO L290 TraceCheckUtils]: 124: Hoare triple {30519#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,646 INFO L290 TraceCheckUtils]: 125: Hoare triple {30392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,646 INFO L290 TraceCheckUtils]: 126: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,646 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {30392#true} {30393#false} #1651#return; {30393#false} is VALID [2022-02-20 18:02:24,646 INFO L272 TraceCheckUtils]: 128: Hoare triple {30393#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30520#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:24,646 INFO L290 TraceCheckUtils]: 129: Hoare triple {30520#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,646 INFO L290 TraceCheckUtils]: 130: Hoare triple {30392#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,646 INFO L290 TraceCheckUtils]: 131: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,646 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {30392#true} {30393#false} #1653#return; {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L290 TraceCheckUtils]: 133: Hoare triple {30393#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L290 TraceCheckUtils]: 134: Hoare triple {30393#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L272 TraceCheckUtils]: 135: Hoare triple {30393#false} call outgoing(~sender#1, ~email~0#1); {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L290 TraceCheckUtils]: 136: Hoare triple {30393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L290 TraceCheckUtils]: 137: Hoare triple {30393#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L272 TraceCheckUtils]: 138: Hoare triple {30393#false} call outgoing__before__Sign(~client#1, ~msg#1); {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L290 TraceCheckUtils]: 139: Hoare triple {30393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L290 TraceCheckUtils]: 140: Hoare triple {30393#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret105#1, outgoing__role__AddressBook_#t~ret106#1, outgoing__role__AddressBook_#t~ret107#1, outgoing__role__AddressBook_#t~ret108#1, outgoing__role__AddressBook_#t~ret109#1, outgoing__role__AddressBook_#t~ret110#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~19#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~8#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~4#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~19#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~8#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~4#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {30393#false} is VALID [2022-02-20 18:02:24,647 INFO L272 TraceCheckUtils]: 141: Hoare triple {30393#false} call outgoing__role__AddressBook_#t~ret105#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {30392#true} is VALID [2022-02-20 18:02:24,647 INFO L290 TraceCheckUtils]: 142: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~13; {30392#true} is VALID [2022-02-20 18:02:24,648 INFO L290 TraceCheckUtils]: 143: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {30392#true} is VALID [2022-02-20 18:02:24,648 INFO L290 TraceCheckUtils]: 144: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,648 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {30392#true} {30393#false} #1631#return; {30393#false} is VALID [2022-02-20 18:02:24,648 INFO L290 TraceCheckUtils]: 146: Hoare triple {30393#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret105#1 && outgoing__role__AddressBook_#t~ret105#1 <= 2147483647;outgoing__role__AddressBook_~tmp~19#1 := outgoing__role__AddressBook_#t~ret105#1;havoc outgoing__role__AddressBook_#t~ret105#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~19#1; {30393#false} is VALID [2022-02-20 18:02:24,648 INFO L290 TraceCheckUtils]: 147: Hoare triple {30393#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {30393#false} is VALID [2022-02-20 18:02:24,648 INFO L272 TraceCheckUtils]: 148: Hoare triple {30393#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {30393#false} is VALID [2022-02-20 18:02:24,648 INFO L290 TraceCheckUtils]: 149: Hoare triple {30393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30393#false} is VALID [2022-02-20 18:02:24,648 INFO L290 TraceCheckUtils]: 150: Hoare triple {30393#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {30393#false} is VALID [2022-02-20 18:02:24,648 INFO L272 TraceCheckUtils]: 151: Hoare triple {30393#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {30392#true} is VALID [2022-02-20 18:02:24,648 INFO L290 TraceCheckUtils]: 152: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~32; {30392#true} is VALID [2022-02-20 18:02:24,649 INFO L290 TraceCheckUtils]: 153: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {30392#true} is VALID [2022-02-20 18:02:24,649 INFO L290 TraceCheckUtils]: 154: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,649 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {30392#true} {30393#false} #1617#return; {30393#false} is VALID [2022-02-20 18:02:24,649 INFO L290 TraceCheckUtils]: 156: Hoare triple {30393#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {30393#false} is VALID [2022-02-20 18:02:24,649 INFO L272 TraceCheckUtils]: 157: Hoare triple {30393#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {30392#true} is VALID [2022-02-20 18:02:24,649 INFO L290 TraceCheckUtils]: 158: Hoare triple {30392#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {30392#true} is VALID [2022-02-20 18:02:24,649 INFO L290 TraceCheckUtils]: 159: Hoare triple {30392#true} assume 1 == ~handle; {30392#true} is VALID [2022-02-20 18:02:24,649 INFO L290 TraceCheckUtils]: 160: Hoare triple {30392#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {30392#true} is VALID [2022-02-20 18:02:24,649 INFO L290 TraceCheckUtils]: 161: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,650 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {30392#true} {30393#false} #1619#return; {30393#false} is VALID [2022-02-20 18:02:24,650 INFO L290 TraceCheckUtils]: 163: Hoare triple {30393#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {30393#false} is VALID [2022-02-20 18:02:24,650 INFO L290 TraceCheckUtils]: 164: Hoare triple {30393#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {30393#false} is VALID [2022-02-20 18:02:24,650 INFO L272 TraceCheckUtils]: 165: Hoare triple {30393#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {30393#false} is VALID [2022-02-20 18:02:24,650 INFO L290 TraceCheckUtils]: 166: Hoare triple {30393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {30393#false} is VALID [2022-02-20 18:02:24,650 INFO L290 TraceCheckUtils]: 167: Hoare triple {30393#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {30393#false} is VALID [2022-02-20 18:02:24,650 INFO L290 TraceCheckUtils]: 168: Hoare triple {30393#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {30393#false} is VALID [2022-02-20 18:02:24,650 INFO L272 TraceCheckUtils]: 169: Hoare triple {30393#false} call setEmailFrom(~msg#1, ~tmp~17#1); {30519#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:24,650 INFO L290 TraceCheckUtils]: 170: Hoare triple {30519#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:24,650 INFO L290 TraceCheckUtils]: 171: Hoare triple {30392#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:24,651 INFO L290 TraceCheckUtils]: 172: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,651 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {30392#true} {30393#false} #1663#return; {30393#false} is VALID [2022-02-20 18:02:24,651 INFO L290 TraceCheckUtils]: 174: Hoare triple {30393#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {30393#false} is VALID [2022-02-20 18:02:24,651 INFO L272 TraceCheckUtils]: 175: Hoare triple {30393#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {30392#true} is VALID [2022-02-20 18:02:24,651 INFO L290 TraceCheckUtils]: 176: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~35; {30392#true} is VALID [2022-02-20 18:02:24,651 INFO L290 TraceCheckUtils]: 177: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {30392#true} is VALID [2022-02-20 18:02:24,651 INFO L290 TraceCheckUtils]: 178: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,651 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {30392#true} {30393#false} #1665#return; {30393#false} is VALID [2022-02-20 18:02:24,651 INFO L290 TraceCheckUtils]: 180: Hoare triple {30393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {30393#false} is VALID [2022-02-20 18:02:24,652 INFO L290 TraceCheckUtils]: 181: Hoare triple {30393#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {30393#false} is VALID [2022-02-20 18:02:24,652 INFO L272 TraceCheckUtils]: 182: Hoare triple {30393#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {30392#true} is VALID [2022-02-20 18:02:24,652 INFO L290 TraceCheckUtils]: 183: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~32; {30392#true} is VALID [2022-02-20 18:02:24,652 INFO L290 TraceCheckUtils]: 184: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {30392#true} is VALID [2022-02-20 18:02:24,652 INFO L290 TraceCheckUtils]: 185: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,652 INFO L284 TraceCheckUtils]: 186: Hoare quadruple {30392#true} {30393#false} #1667#return; {30393#false} is VALID [2022-02-20 18:02:24,652 INFO L290 TraceCheckUtils]: 187: Hoare triple {30393#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {30393#false} is VALID [2022-02-20 18:02:24,652 INFO L290 TraceCheckUtils]: 188: Hoare triple {30393#false} assume 1 == ~sent_encrypted~0; {30393#false} is VALID [2022-02-20 18:02:24,652 INFO L272 TraceCheckUtils]: 189: Hoare triple {30393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {30392#true} is VALID [2022-02-20 18:02:24,652 INFO L290 TraceCheckUtils]: 190: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~19; {30392#true} is VALID [2022-02-20 18:02:24,653 INFO L290 TraceCheckUtils]: 191: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {30392#true} is VALID [2022-02-20 18:02:24,653 INFO L290 TraceCheckUtils]: 192: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,653 INFO L284 TraceCheckUtils]: 193: Hoare quadruple {30392#true} {30393#false} #1669#return; {30393#false} is VALID [2022-02-20 18:02:24,653 INFO L290 TraceCheckUtils]: 194: Hoare triple {30393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {30393#false} is VALID [2022-02-20 18:02:24,653 INFO L272 TraceCheckUtils]: 195: Hoare triple {30393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {30392#true} is VALID [2022-02-20 18:02:24,653 INFO L290 TraceCheckUtils]: 196: Hoare triple {30392#true} ~handle := #in~handle;havoc ~retValue_acc~36; {30392#true} is VALID [2022-02-20 18:02:24,653 INFO L290 TraceCheckUtils]: 197: Hoare triple {30392#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {30392#true} is VALID [2022-02-20 18:02:24,653 INFO L290 TraceCheckUtils]: 198: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,653 INFO L284 TraceCheckUtils]: 199: Hoare quadruple {30392#true} {30393#false} #1671#return; {30393#false} is VALID [2022-02-20 18:02:24,654 INFO L290 TraceCheckUtils]: 200: Hoare triple {30393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {30393#false} is VALID [2022-02-20 18:02:24,654 INFO L272 TraceCheckUtils]: 201: Hoare triple {30393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {30392#true} is VALID [2022-02-20 18:02:24,654 INFO L290 TraceCheckUtils]: 202: Hoare triple {30392#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {30392#true} is VALID [2022-02-20 18:02:24,654 INFO L290 TraceCheckUtils]: 203: Hoare triple {30392#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {30392#true} is VALID [2022-02-20 18:02:24,654 INFO L290 TraceCheckUtils]: 204: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:24,654 INFO L284 TraceCheckUtils]: 205: Hoare quadruple {30392#true} {30393#false} #1673#return; {30393#false} is VALID [2022-02-20 18:02:24,654 INFO L290 TraceCheckUtils]: 206: Hoare triple {30393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {30393#false} is VALID [2022-02-20 18:02:24,654 INFO L290 TraceCheckUtils]: 207: Hoare triple {30393#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {30393#false} is VALID [2022-02-20 18:02:24,654 INFO L290 TraceCheckUtils]: 208: Hoare triple {30393#false} assume !false; {30393#false} is VALID [2022-02-20 18:02:24,655 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:02:24,655 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:24,655 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [928593655] [2022-02-20 18:02:24,655 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [928593655] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:24,655 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1808308385] [2022-02-20 18:02:24,655 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:24,656 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:24,656 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:24,672 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:24,673 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:02:24,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,967 INFO L263 TraceCheckSpWp]: Trace formula consists of 1617 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 18:02:25,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,029 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:25,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {30392#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {30392#true} is VALID [2022-02-20 18:02:25,766 INFO L290 TraceCheckUtils]: 1: Hoare triple {30392#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {30392#true} is VALID [2022-02-20 18:02:25,766 INFO L290 TraceCheckUtils]: 2: Hoare triple {30392#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {30392#true} is VALID [2022-02-20 18:02:25,766 INFO L272 TraceCheckUtils]: 3: Hoare triple {30392#true} call select_features_#t~ret58#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:25,766 INFO L290 TraceCheckUtils]: 4: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:25,766 INFO L290 TraceCheckUtils]: 5: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,766 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {30392#true} {30392#true} #1741#return; {30392#true} is VALID [2022-02-20 18:02:25,766 INFO L290 TraceCheckUtils]: 7: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {30392#true} is VALID [2022-02-20 18:02:25,767 INFO L272 TraceCheckUtils]: 8: Hoare triple {30392#true} call select_features_#t~ret59#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:25,767 INFO L290 TraceCheckUtils]: 9: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:25,767 INFO L290 TraceCheckUtils]: 10: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,767 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {30392#true} {30392#true} #1743#return; {30392#true} is VALID [2022-02-20 18:02:25,767 INFO L290 TraceCheckUtils]: 12: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {30392#true} is VALID [2022-02-20 18:02:25,767 INFO L272 TraceCheckUtils]: 13: Hoare triple {30392#true} call select_features_#t~ret60#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:25,767 INFO L290 TraceCheckUtils]: 14: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:25,768 INFO L290 TraceCheckUtils]: 15: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,768 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30392#true} {30392#true} #1745#return; {30392#true} is VALID [2022-02-20 18:02:25,768 INFO L290 TraceCheckUtils]: 17: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {30392#true} is VALID [2022-02-20 18:02:25,768 INFO L272 TraceCheckUtils]: 18: Hoare triple {30392#true} call select_features_#t~ret61#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:25,768 INFO L290 TraceCheckUtils]: 19: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:25,768 INFO L290 TraceCheckUtils]: 20: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,768 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {30392#true} {30392#true} #1747#return; {30392#true} is VALID [2022-02-20 18:02:25,768 INFO L290 TraceCheckUtils]: 22: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {30392#true} is VALID [2022-02-20 18:02:25,769 INFO L272 TraceCheckUtils]: 23: Hoare triple {30392#true} call select_features_#t~ret62#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:25,769 INFO L290 TraceCheckUtils]: 24: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:25,769 INFO L290 TraceCheckUtils]: 25: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,769 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {30392#true} {30392#true} #1749#return; {30392#true} is VALID [2022-02-20 18:02:25,769 INFO L290 TraceCheckUtils]: 27: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {30392#true} is VALID [2022-02-20 18:02:25,769 INFO L272 TraceCheckUtils]: 28: Hoare triple {30392#true} call select_features_#t~ret63#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:25,769 INFO L290 TraceCheckUtils]: 29: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:25,770 INFO L290 TraceCheckUtils]: 30: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,770 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {30392#true} {30392#true} #1751#return; {30392#true} is VALID [2022-02-20 18:02:25,770 INFO L290 TraceCheckUtils]: 32: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {30392#true} is VALID [2022-02-20 18:02:25,770 INFO L272 TraceCheckUtils]: 33: Hoare triple {30392#true} call select_features_#t~ret64#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:25,770 INFO L290 TraceCheckUtils]: 34: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:25,770 INFO L290 TraceCheckUtils]: 35: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,770 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {30392#true} {30392#true} #1753#return; {30392#true} is VALID [2022-02-20 18:02:25,770 INFO L290 TraceCheckUtils]: 37: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {30392#true} is VALID [2022-02-20 18:02:25,771 INFO L272 TraceCheckUtils]: 38: Hoare triple {30392#true} call select_features_#t~ret65#1 := select_one(); {30392#true} is VALID [2022-02-20 18:02:25,771 INFO L290 TraceCheckUtils]: 39: Hoare triple {30392#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {30392#true} is VALID [2022-02-20 18:02:25,771 INFO L290 TraceCheckUtils]: 40: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,771 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {30392#true} {30392#true} #1755#return; {30392#true} is VALID [2022-02-20 18:02:25,771 INFO L290 TraceCheckUtils]: 42: Hoare triple {30392#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {30392#true} is VALID [2022-02-20 18:02:25,771 INFO L290 TraceCheckUtils]: 43: Hoare triple {30392#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {30392#true} is VALID [2022-02-20 18:02:25,771 INFO L290 TraceCheckUtils]: 44: Hoare triple {30392#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {30392#true} is VALID [2022-02-20 18:02:25,772 INFO L290 TraceCheckUtils]: 45: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {30392#true} is VALID [2022-02-20 18:02:25,772 INFO L290 TraceCheckUtils]: 46: Hoare triple {30392#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {30392#true} is VALID [2022-02-20 18:02:25,772 INFO L290 TraceCheckUtils]: 47: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {30392#true} is VALID [2022-02-20 18:02:25,772 INFO L290 TraceCheckUtils]: 48: Hoare triple {30392#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {30392#true} is VALID [2022-02-20 18:02:25,772 INFO L290 TraceCheckUtils]: 49: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {30392#true} is VALID [2022-02-20 18:02:25,772 INFO L290 TraceCheckUtils]: 50: Hoare triple {30392#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {30392#true} is VALID [2022-02-20 18:02:25,772 INFO L290 TraceCheckUtils]: 51: Hoare triple {30392#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {30392#true} is VALID [2022-02-20 18:02:25,772 INFO L290 TraceCheckUtils]: 52: Hoare triple {30392#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {30392#true} is VALID [2022-02-20 18:02:25,773 INFO L290 TraceCheckUtils]: 53: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {30392#true} is VALID [2022-02-20 18:02:25,773 INFO L290 TraceCheckUtils]: 54: Hoare triple {30392#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {30392#true} is VALID [2022-02-20 18:02:25,773 INFO L290 TraceCheckUtils]: 55: Hoare triple {30392#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {30392#true} is VALID [2022-02-20 18:02:25,773 INFO L290 TraceCheckUtils]: 56: Hoare triple {30392#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {30392#true} is VALID [2022-02-20 18:02:25,773 INFO L290 TraceCheckUtils]: 57: Hoare triple {30392#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {30392#true} is VALID [2022-02-20 18:02:25,773 INFO L272 TraceCheckUtils]: 58: Hoare triple {30392#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {30392#true} is VALID [2022-02-20 18:02:25,773 INFO L290 TraceCheckUtils]: 59: Hoare triple {30392#true} ~bob___0 := #in~bob___0; {30392#true} is VALID [2022-02-20 18:02:25,774 INFO L272 TraceCheckUtils]: 60: Hoare triple {30392#true} call setClientId(~bob___0, ~bob___0); {30392#true} is VALID [2022-02-20 18:02:25,774 INFO L290 TraceCheckUtils]: 61: Hoare triple {30392#true} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:25,774 INFO L290 TraceCheckUtils]: 62: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:25,774 INFO L290 TraceCheckUtils]: 63: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,774 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {30392#true} {30392#true} #1739#return; {30392#true} is VALID [2022-02-20 18:02:25,774 INFO L290 TraceCheckUtils]: 65: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,774 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {30392#true} {30392#true} #1757#return; {30392#true} is VALID [2022-02-20 18:02:25,775 INFO L272 TraceCheckUtils]: 67: Hoare triple {30392#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {30392#true} is VALID [2022-02-20 18:02:25,775 INFO L290 TraceCheckUtils]: 68: Hoare triple {30392#true} ~handle := #in~handle;~value := #in~value; {30392#true} is VALID [2022-02-20 18:02:25,775 INFO L290 TraceCheckUtils]: 69: Hoare triple {30392#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30392#true} is VALID [2022-02-20 18:02:25,775 INFO L290 TraceCheckUtils]: 70: Hoare triple {30392#true} assume true; {30392#true} is VALID [2022-02-20 18:02:25,775 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {30392#true} {30392#true} #1759#return; {30392#true} is VALID [2022-02-20 18:02:25,775 INFO L290 TraceCheckUtils]: 72: Hoare triple {30392#true} assume { :end_inline_setup_bob__role__Keys } true; {30392#true} is VALID [2022-02-20 18:02:25,776 INFO L290 TraceCheckUtils]: 73: Hoare triple {30392#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {30743#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:25,776 INFO L290 TraceCheckUtils]: 74: Hoare triple {30743#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {30747#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:02:25,777 INFO L272 TraceCheckUtils]: 75: Hoare triple {30747#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {30392#true} is VALID [2022-02-20 18:02:25,777 INFO L290 TraceCheckUtils]: 76: Hoare triple {30392#true} ~rjh___0 := #in~rjh___0; {30754#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 18:02:25,777 INFO L272 TraceCheckUtils]: 77: Hoare triple {30754#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {30392#true} is VALID [2022-02-20 18:02:25,777 INFO L290 TraceCheckUtils]: 78: Hoare triple {30392#true} ~handle := #in~handle;~value := #in~value; {30761#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:02:25,778 INFO L290 TraceCheckUtils]: 79: Hoare triple {30761#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30765#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:25,778 INFO L290 TraceCheckUtils]: 80: Hoare triple {30765#(<= |setClientId_#in~handle| 1)} assume true; {30765#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:25,779 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30765#(<= |setClientId_#in~handle| 1)} {30754#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1691#return; {30772#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:25,780 INFO L290 TraceCheckUtils]: 82: Hoare triple {30772#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30772#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:02:25,780 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {30772#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30747#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1763#return; {30393#false} is VALID [2022-02-20 18:02:25,780 INFO L272 TraceCheckUtils]: 84: Hoare triple {30393#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {30393#false} is VALID [2022-02-20 18:02:25,780 INFO L290 TraceCheckUtils]: 85: Hoare triple {30393#false} ~handle := #in~handle;~value := #in~value; {30393#false} is VALID [2022-02-20 18:02:25,781 INFO L290 TraceCheckUtils]: 86: Hoare triple {30393#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30393#false} is VALID [2022-02-20 18:02:25,781 INFO L290 TraceCheckUtils]: 87: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,781 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {30393#false} {30393#false} #1765#return; {30393#false} is VALID [2022-02-20 18:02:25,781 INFO L290 TraceCheckUtils]: 89: Hoare triple {30393#false} assume { :end_inline_setup_rjh__role__Keys } true; {30393#false} is VALID [2022-02-20 18:02:25,781 INFO L290 TraceCheckUtils]: 90: Hoare triple {30393#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {30393#false} is VALID [2022-02-20 18:02:25,781 INFO L290 TraceCheckUtils]: 91: Hoare triple {30393#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {30393#false} is VALID [2022-02-20 18:02:25,781 INFO L272 TraceCheckUtils]: 92: Hoare triple {30393#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {30393#false} is VALID [2022-02-20 18:02:25,781 INFO L290 TraceCheckUtils]: 93: Hoare triple {30393#false} ~chuck___0 := #in~chuck___0; {30393#false} is VALID [2022-02-20 18:02:25,782 INFO L272 TraceCheckUtils]: 94: Hoare triple {30393#false} call setClientId(~chuck___0, ~chuck___0); {30393#false} is VALID [2022-02-20 18:02:25,782 INFO L290 TraceCheckUtils]: 95: Hoare triple {30393#false} ~handle := #in~handle;~value := #in~value; {30393#false} is VALID [2022-02-20 18:02:25,782 INFO L290 TraceCheckUtils]: 96: Hoare triple {30393#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30393#false} is VALID [2022-02-20 18:02:25,782 INFO L290 TraceCheckUtils]: 97: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,782 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {30393#false} {30393#false} #1629#return; {30393#false} is VALID [2022-02-20 18:02:25,782 INFO L290 TraceCheckUtils]: 99: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,783 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {30393#false} {30393#false} #1769#return; {30393#false} is VALID [2022-02-20 18:02:25,783 INFO L272 TraceCheckUtils]: 101: Hoare triple {30393#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {30393#false} is VALID [2022-02-20 18:02:25,784 INFO L290 TraceCheckUtils]: 102: Hoare triple {30393#false} ~handle := #in~handle;~value := #in~value; {30393#false} is VALID [2022-02-20 18:02:25,784 INFO L290 TraceCheckUtils]: 103: Hoare triple {30393#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30393#false} is VALID [2022-02-20 18:02:25,784 INFO L290 TraceCheckUtils]: 104: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,785 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {30393#false} {30393#false} #1771#return; {30393#false} is VALID [2022-02-20 18:02:25,785 INFO L290 TraceCheckUtils]: 106: Hoare triple {30393#false} assume { :end_inline_setup_chuck__role__Keys } true; {30393#false} is VALID [2022-02-20 18:02:25,785 INFO L290 TraceCheckUtils]: 107: Hoare triple {30393#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {30393#false} is VALID [2022-02-20 18:02:25,785 INFO L290 TraceCheckUtils]: 108: Hoare triple {30393#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30393#false} is VALID [2022-02-20 18:02:25,785 INFO L290 TraceCheckUtils]: 109: Hoare triple {30393#false} assume !false; {30393#false} is VALID [2022-02-20 18:02:25,786 INFO L290 TraceCheckUtils]: 110: Hoare triple {30393#false} assume test_~splverifierCounter~0#1 < 4; {30393#false} is VALID [2022-02-20 18:02:25,786 INFO L290 TraceCheckUtils]: 111: Hoare triple {30393#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30393#false} is VALID [2022-02-20 18:02:25,786 INFO L290 TraceCheckUtils]: 112: Hoare triple {30393#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {30393#false} is VALID [2022-02-20 18:02:25,786 INFO L290 TraceCheckUtils]: 113: Hoare triple {30393#false} assume !(0 != test_~tmp___9~0#1); {30393#false} is VALID [2022-02-20 18:02:25,786 INFO L290 TraceCheckUtils]: 114: Hoare triple {30393#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {30393#false} is VALID [2022-02-20 18:02:25,786 INFO L290 TraceCheckUtils]: 115: Hoare triple {30393#false} assume 0 != test_~tmp___8~0#1; {30393#false} is VALID [2022-02-20 18:02:25,786 INFO L290 TraceCheckUtils]: 116: Hoare triple {30393#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {30393#false} is VALID [2022-02-20 18:02:25,786 INFO L290 TraceCheckUtils]: 117: Hoare triple {30393#false} test_~op2~0#1 := 1; {30393#false} is VALID [2022-02-20 18:02:25,787 INFO L290 TraceCheckUtils]: 118: Hoare triple {30393#false} assume !false; {30393#false} is VALID [2022-02-20 18:02:25,787 INFO L290 TraceCheckUtils]: 119: Hoare triple {30393#false} assume !(test_~splverifierCounter~0#1 < 4); {30393#false} is VALID [2022-02-20 18:02:25,787 INFO L290 TraceCheckUtils]: 120: Hoare triple {30393#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {30393#false} is VALID [2022-02-20 18:02:25,787 INFO L272 TraceCheckUtils]: 121: Hoare triple {30393#false} call sendEmail(~bob~0, ~rjh~0); {30393#false} is VALID [2022-02-20 18:02:25,787 INFO L290 TraceCheckUtils]: 122: Hoare triple {30393#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30393#false} is VALID [2022-02-20 18:02:25,787 INFO L272 TraceCheckUtils]: 123: Hoare triple {30393#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30393#false} is VALID [2022-02-20 18:02:25,787 INFO L290 TraceCheckUtils]: 124: Hoare triple {30393#false} ~handle := #in~handle;~value := #in~value; {30393#false} is VALID [2022-02-20 18:02:25,788 INFO L290 TraceCheckUtils]: 125: Hoare triple {30393#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30393#false} is VALID [2022-02-20 18:02:25,788 INFO L290 TraceCheckUtils]: 126: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,788 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {30393#false} {30393#false} #1651#return; {30393#false} is VALID [2022-02-20 18:02:25,788 INFO L272 TraceCheckUtils]: 128: Hoare triple {30393#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30393#false} is VALID [2022-02-20 18:02:25,788 INFO L290 TraceCheckUtils]: 129: Hoare triple {30393#false} ~handle := #in~handle;~value := #in~value; {30393#false} is VALID [2022-02-20 18:02:25,788 INFO L290 TraceCheckUtils]: 130: Hoare triple {30393#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30393#false} is VALID [2022-02-20 18:02:25,788 INFO L290 TraceCheckUtils]: 131: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,788 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {30393#false} {30393#false} #1653#return; {30393#false} is VALID [2022-02-20 18:02:25,789 INFO L290 TraceCheckUtils]: 133: Hoare triple {30393#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {30393#false} is VALID [2022-02-20 18:02:25,789 INFO L290 TraceCheckUtils]: 134: Hoare triple {30393#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {30393#false} is VALID [2022-02-20 18:02:25,789 INFO L272 TraceCheckUtils]: 135: Hoare triple {30393#false} call outgoing(~sender#1, ~email~0#1); {30393#false} is VALID [2022-02-20 18:02:25,789 INFO L290 TraceCheckUtils]: 136: Hoare triple {30393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30393#false} is VALID [2022-02-20 18:02:25,789 INFO L290 TraceCheckUtils]: 137: Hoare triple {30393#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {30393#false} is VALID [2022-02-20 18:02:25,789 INFO L272 TraceCheckUtils]: 138: Hoare triple {30393#false} call outgoing__before__Sign(~client#1, ~msg#1); {30393#false} is VALID [2022-02-20 18:02:25,789 INFO L290 TraceCheckUtils]: 139: Hoare triple {30393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30393#false} is VALID [2022-02-20 18:02:25,789 INFO L290 TraceCheckUtils]: 140: Hoare triple {30393#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret105#1, outgoing__role__AddressBook_#t~ret106#1, outgoing__role__AddressBook_#t~ret107#1, outgoing__role__AddressBook_#t~ret108#1, outgoing__role__AddressBook_#t~ret109#1, outgoing__role__AddressBook_#t~ret110#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~19#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~8#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~4#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~19#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~8#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~4#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {30393#false} is VALID [2022-02-20 18:02:25,790 INFO L272 TraceCheckUtils]: 141: Hoare triple {30393#false} call outgoing__role__AddressBook_#t~ret105#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {30393#false} is VALID [2022-02-20 18:02:25,790 INFO L290 TraceCheckUtils]: 142: Hoare triple {30393#false} ~handle := #in~handle;havoc ~retValue_acc~13; {30393#false} is VALID [2022-02-20 18:02:25,790 INFO L290 TraceCheckUtils]: 143: Hoare triple {30393#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {30393#false} is VALID [2022-02-20 18:02:25,790 INFO L290 TraceCheckUtils]: 144: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,790 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {30393#false} {30393#false} #1631#return; {30393#false} is VALID [2022-02-20 18:02:25,790 INFO L290 TraceCheckUtils]: 146: Hoare triple {30393#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret105#1 && outgoing__role__AddressBook_#t~ret105#1 <= 2147483647;outgoing__role__AddressBook_~tmp~19#1 := outgoing__role__AddressBook_#t~ret105#1;havoc outgoing__role__AddressBook_#t~ret105#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~19#1; {30393#false} is VALID [2022-02-20 18:02:25,790 INFO L290 TraceCheckUtils]: 147: Hoare triple {30393#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {30393#false} is VALID [2022-02-20 18:02:25,790 INFO L272 TraceCheckUtils]: 148: Hoare triple {30393#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {30393#false} is VALID [2022-02-20 18:02:25,791 INFO L290 TraceCheckUtils]: 149: Hoare triple {30393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {30393#false} is VALID [2022-02-20 18:02:25,791 INFO L290 TraceCheckUtils]: 150: Hoare triple {30393#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {30393#false} is VALID [2022-02-20 18:02:25,791 INFO L272 TraceCheckUtils]: 151: Hoare triple {30393#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {30393#false} is VALID [2022-02-20 18:02:25,791 INFO L290 TraceCheckUtils]: 152: Hoare triple {30393#false} ~handle := #in~handle;havoc ~retValue_acc~32; {30393#false} is VALID [2022-02-20 18:02:25,791 INFO L290 TraceCheckUtils]: 153: Hoare triple {30393#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {30393#false} is VALID [2022-02-20 18:02:25,791 INFO L290 TraceCheckUtils]: 154: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,791 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {30393#false} {30393#false} #1617#return; {30393#false} is VALID [2022-02-20 18:02:25,792 INFO L290 TraceCheckUtils]: 156: Hoare triple {30393#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {30393#false} is VALID [2022-02-20 18:02:25,792 INFO L272 TraceCheckUtils]: 157: Hoare triple {30393#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {30393#false} is VALID [2022-02-20 18:02:25,792 INFO L290 TraceCheckUtils]: 158: Hoare triple {30393#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {30393#false} is VALID [2022-02-20 18:02:25,792 INFO L290 TraceCheckUtils]: 159: Hoare triple {30393#false} assume 1 == ~handle; {30393#false} is VALID [2022-02-20 18:02:25,792 INFO L290 TraceCheckUtils]: 160: Hoare triple {30393#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {30393#false} is VALID [2022-02-20 18:02:25,792 INFO L290 TraceCheckUtils]: 161: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,792 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {30393#false} {30393#false} #1619#return; {30393#false} is VALID [2022-02-20 18:02:25,792 INFO L290 TraceCheckUtils]: 163: Hoare triple {30393#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {30393#false} is VALID [2022-02-20 18:02:25,793 INFO L290 TraceCheckUtils]: 164: Hoare triple {30393#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {30393#false} is VALID [2022-02-20 18:02:25,793 INFO L272 TraceCheckUtils]: 165: Hoare triple {30393#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {30393#false} is VALID [2022-02-20 18:02:25,793 INFO L290 TraceCheckUtils]: 166: Hoare triple {30393#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {30393#false} is VALID [2022-02-20 18:02:25,793 INFO L290 TraceCheckUtils]: 167: Hoare triple {30393#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {30393#false} is VALID [2022-02-20 18:02:25,793 INFO L290 TraceCheckUtils]: 168: Hoare triple {30393#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {30393#false} is VALID [2022-02-20 18:02:25,793 INFO L272 TraceCheckUtils]: 169: Hoare triple {30393#false} call setEmailFrom(~msg#1, ~tmp~17#1); {30393#false} is VALID [2022-02-20 18:02:25,793 INFO L290 TraceCheckUtils]: 170: Hoare triple {30393#false} ~handle := #in~handle;~value := #in~value; {30393#false} is VALID [2022-02-20 18:02:25,793 INFO L290 TraceCheckUtils]: 171: Hoare triple {30393#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30393#false} is VALID [2022-02-20 18:02:25,794 INFO L290 TraceCheckUtils]: 172: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,794 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {30393#false} {30393#false} #1663#return; {30393#false} is VALID [2022-02-20 18:02:25,794 INFO L290 TraceCheckUtils]: 174: Hoare triple {30393#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {30393#false} is VALID [2022-02-20 18:02:25,794 INFO L272 TraceCheckUtils]: 175: Hoare triple {30393#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {30393#false} is VALID [2022-02-20 18:02:25,794 INFO L290 TraceCheckUtils]: 176: Hoare triple {30393#false} ~handle := #in~handle;havoc ~retValue_acc~35; {30393#false} is VALID [2022-02-20 18:02:25,794 INFO L290 TraceCheckUtils]: 177: Hoare triple {30393#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {30393#false} is VALID [2022-02-20 18:02:25,794 INFO L290 TraceCheckUtils]: 178: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,794 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {30393#false} {30393#false} #1665#return; {30393#false} is VALID [2022-02-20 18:02:25,795 INFO L290 TraceCheckUtils]: 180: Hoare triple {30393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {30393#false} is VALID [2022-02-20 18:02:25,795 INFO L290 TraceCheckUtils]: 181: Hoare triple {30393#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {30393#false} is VALID [2022-02-20 18:02:25,795 INFO L272 TraceCheckUtils]: 182: Hoare triple {30393#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {30393#false} is VALID [2022-02-20 18:02:25,795 INFO L290 TraceCheckUtils]: 183: Hoare triple {30393#false} ~handle := #in~handle;havoc ~retValue_acc~32; {30393#false} is VALID [2022-02-20 18:02:25,795 INFO L290 TraceCheckUtils]: 184: Hoare triple {30393#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {30393#false} is VALID [2022-02-20 18:02:25,795 INFO L290 TraceCheckUtils]: 185: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,795 INFO L284 TraceCheckUtils]: 186: Hoare quadruple {30393#false} {30393#false} #1667#return; {30393#false} is VALID [2022-02-20 18:02:25,796 INFO L290 TraceCheckUtils]: 187: Hoare triple {30393#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {30393#false} is VALID [2022-02-20 18:02:25,796 INFO L290 TraceCheckUtils]: 188: Hoare triple {30393#false} assume 1 == ~sent_encrypted~0; {30393#false} is VALID [2022-02-20 18:02:25,796 INFO L272 TraceCheckUtils]: 189: Hoare triple {30393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {30393#false} is VALID [2022-02-20 18:02:25,796 INFO L290 TraceCheckUtils]: 190: Hoare triple {30393#false} ~handle := #in~handle;havoc ~retValue_acc~19; {30393#false} is VALID [2022-02-20 18:02:25,796 INFO L290 TraceCheckUtils]: 191: Hoare triple {30393#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {30393#false} is VALID [2022-02-20 18:02:25,796 INFO L290 TraceCheckUtils]: 192: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,796 INFO L284 TraceCheckUtils]: 193: Hoare quadruple {30393#false} {30393#false} #1669#return; {30393#false} is VALID [2022-02-20 18:02:25,796 INFO L290 TraceCheckUtils]: 194: Hoare triple {30393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {30393#false} is VALID [2022-02-20 18:02:25,797 INFO L272 TraceCheckUtils]: 195: Hoare triple {30393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {30393#false} is VALID [2022-02-20 18:02:25,797 INFO L290 TraceCheckUtils]: 196: Hoare triple {30393#false} ~handle := #in~handle;havoc ~retValue_acc~36; {30393#false} is VALID [2022-02-20 18:02:25,797 INFO L290 TraceCheckUtils]: 197: Hoare triple {30393#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {30393#false} is VALID [2022-02-20 18:02:25,797 INFO L290 TraceCheckUtils]: 198: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,797 INFO L284 TraceCheckUtils]: 199: Hoare quadruple {30393#false} {30393#false} #1671#return; {30393#false} is VALID [2022-02-20 18:02:25,797 INFO L290 TraceCheckUtils]: 200: Hoare triple {30393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {30393#false} is VALID [2022-02-20 18:02:25,797 INFO L272 TraceCheckUtils]: 201: Hoare triple {30393#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {30393#false} is VALID [2022-02-20 18:02:25,797 INFO L290 TraceCheckUtils]: 202: Hoare triple {30393#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {30393#false} is VALID [2022-02-20 18:02:25,798 INFO L290 TraceCheckUtils]: 203: Hoare triple {30393#false} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {30393#false} is VALID [2022-02-20 18:02:25,798 INFO L290 TraceCheckUtils]: 204: Hoare triple {30393#false} assume true; {30393#false} is VALID [2022-02-20 18:02:25,798 INFO L284 TraceCheckUtils]: 205: Hoare quadruple {30393#false} {30393#false} #1673#return; {30393#false} is VALID [2022-02-20 18:02:25,798 INFO L290 TraceCheckUtils]: 206: Hoare triple {30393#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {30393#false} is VALID [2022-02-20 18:02:25,798 INFO L290 TraceCheckUtils]: 207: Hoare triple {30393#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {30393#false} is VALID [2022-02-20 18:02:25,798 INFO L290 TraceCheckUtils]: 208: Hoare triple {30393#false} assume !false; {30393#false} is VALID [2022-02-20 18:02:25,799 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 99 trivial. 0 not checked. [2022-02-20 18:02:25,799 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:25,799 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1808308385] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:25,799 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:25,799 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [12] total 18 [2022-02-20 18:02:25,800 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [160406980] [2022-02-20 18:02:25,800 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:25,801 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 20.666666666666668) internal successors, (124), 8 states have internal predecessors, (124), 4 states have call successors, (33), 2 states have call predecessors, (33), 4 states have return successors, (28), 3 states have call predecessors, (28), 4 states have call successors, (28) Word has length 209 [2022-02-20 18:02:25,801 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:25,801 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 6 states have (on average 20.666666666666668) internal successors, (124), 8 states have internal predecessors, (124), 4 states have call successors, (33), 2 states have call predecessors, (33), 4 states have return successors, (28), 3 states have call predecessors, (28), 4 states have call successors, (28) [2022-02-20 18:02:25,948 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 185 edges. 185 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:25,949 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:02:25,949 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:25,949 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:02:25,949 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=267, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:02:25,950 INFO L87 Difference]: Start difference. First operand 688 states and 1004 transitions. Second operand has 8 states, 6 states have (on average 20.666666666666668) internal successors, (124), 8 states have internal predecessors, (124), 4 states have call successors, (33), 2 states have call predecessors, (33), 4 states have return successors, (28), 3 states have call predecessors, (28), 4 states have call successors, (28) [2022-02-20 18:02:29,236 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:29,237 INFO L93 Difference]: Finished difference Result 1323 states and 1945 transitions. [2022-02-20 18:02:29,237 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:02:29,237 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 20.666666666666668) internal successors, (124), 8 states have internal predecessors, (124), 4 states have call successors, (33), 2 states have call predecessors, (33), 4 states have return successors, (28), 3 states have call predecessors, (28), 4 states have call successors, (28) Word has length 209 [2022-02-20 18:02:29,238 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:29,239 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 20.666666666666668) internal successors, (124), 8 states have internal predecessors, (124), 4 states have call successors, (33), 2 states have call predecessors, (33), 4 states have return successors, (28), 3 states have call predecessors, (28), 4 states have call successors, (28) [2022-02-20 18:02:29,280 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1647 transitions. [2022-02-20 18:02:29,281 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 20.666666666666668) internal successors, (124), 8 states have internal predecessors, (124), 4 states have call successors, (33), 2 states have call predecessors, (33), 4 states have return successors, (28), 3 states have call predecessors, (28), 4 states have call successors, (28) [2022-02-20 18:02:29,306 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1647 transitions. [2022-02-20 18:02:29,307 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 1647 transitions. [2022-02-20 18:02:30,383 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1647 edges. 1647 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:30,463 INFO L225 Difference]: With dead ends: 1323 [2022-02-20 18:02:30,463 INFO L226 Difference]: Without dead ends: 690 [2022-02-20 18:02:30,466 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 273 GetRequests, 254 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=51, Invalid=369, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:02:30,466 INFO L933 BasicCegarLoop]: 843 mSDtfsCounter, 363 mSDsluCounter, 4649 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 44 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 365 SdHoareTripleChecker+Valid, 5492 SdHoareTripleChecker+Invalid, 119 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 44 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:30,467 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [365 Valid, 5492 Invalid, 119 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [44 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:02:30,473 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 690 states. [2022-02-20 18:02:30,616 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 690 to 690. [2022-02-20 18:02:30,617 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:30,618 INFO L82 GeneralOperation]: Start isEquivalent. First operand 690 states. Second operand has 690 states, 525 states have (on average 1.4628571428571429) internal successors, (768), 537 states have internal predecessors, (768), 119 states have call successors, (119), 44 states have call predecessors, (119), 45 states have return successors, (120), 117 states have call predecessors, (120), 118 states have call successors, (120) [2022-02-20 18:02:30,619 INFO L74 IsIncluded]: Start isIncluded. First operand 690 states. Second operand has 690 states, 525 states have (on average 1.4628571428571429) internal successors, (768), 537 states have internal predecessors, (768), 119 states have call successors, (119), 44 states have call predecessors, (119), 45 states have return successors, (120), 117 states have call predecessors, (120), 118 states have call successors, (120) [2022-02-20 18:02:30,621 INFO L87 Difference]: Start difference. First operand 690 states. Second operand has 690 states, 525 states have (on average 1.4628571428571429) internal successors, (768), 537 states have internal predecessors, (768), 119 states have call successors, (119), 44 states have call predecessors, (119), 45 states have return successors, (120), 117 states have call predecessors, (120), 118 states have call successors, (120) [2022-02-20 18:02:30,699 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:30,699 INFO L93 Difference]: Finished difference Result 690 states and 1007 transitions. [2022-02-20 18:02:30,699 INFO L276 IsEmpty]: Start isEmpty. Operand 690 states and 1007 transitions. [2022-02-20 18:02:30,701 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:30,701 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:30,702 INFO L74 IsIncluded]: Start isIncluded. First operand has 690 states, 525 states have (on average 1.4628571428571429) internal successors, (768), 537 states have internal predecessors, (768), 119 states have call successors, (119), 44 states have call predecessors, (119), 45 states have return successors, (120), 117 states have call predecessors, (120), 118 states have call successors, (120) Second operand 690 states. [2022-02-20 18:02:30,703 INFO L87 Difference]: Start difference. First operand has 690 states, 525 states have (on average 1.4628571428571429) internal successors, (768), 537 states have internal predecessors, (768), 119 states have call successors, (119), 44 states have call predecessors, (119), 45 states have return successors, (120), 117 states have call predecessors, (120), 118 states have call successors, (120) Second operand 690 states. [2022-02-20 18:02:30,725 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:30,725 INFO L93 Difference]: Finished difference Result 690 states and 1007 transitions. [2022-02-20 18:02:30,725 INFO L276 IsEmpty]: Start isEmpty. Operand 690 states and 1007 transitions. [2022-02-20 18:02:30,727 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:30,727 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:30,727 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:30,727 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:30,728 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 690 states, 525 states have (on average 1.4628571428571429) internal successors, (768), 537 states have internal predecessors, (768), 119 states have call successors, (119), 44 states have call predecessors, (119), 45 states have return successors, (120), 117 states have call predecessors, (120), 118 states have call successors, (120) [2022-02-20 18:02:30,752 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 690 states to 690 states and 1007 transitions. [2022-02-20 18:02:30,752 INFO L78 Accepts]: Start accepts. Automaton has 690 states and 1007 transitions. Word has length 209 [2022-02-20 18:02:30,752 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:30,753 INFO L470 AbstractCegarLoop]: Abstraction has 690 states and 1007 transitions. [2022-02-20 18:02:30,753 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 20.666666666666668) internal successors, (124), 8 states have internal predecessors, (124), 4 states have call successors, (33), 2 states have call predecessors, (33), 4 states have return successors, (28), 3 states have call predecessors, (28), 4 states have call successors, (28) [2022-02-20 18:02:30,753 INFO L276 IsEmpty]: Start isEmpty. Operand 690 states and 1007 transitions. [2022-02-20 18:02:30,756 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 211 [2022-02-20 18:02:30,756 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:30,756 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:30,832 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:30,973 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:30,974 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:30,975 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:30,975 INFO L85 PathProgramCache]: Analyzing trace with hash 1597410583, now seen corresponding path program 1 times [2022-02-20 18:02:30,975 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:30,975 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2020937053] [2022-02-20 18:02:30,975 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:30,976 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:31,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:02:31,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,107 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35313#true} {35313#true} #1741#return; {35313#true} is VALID [2022-02-20 18:02:31,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:02:31,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,110 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35313#true} {35313#true} #1743#return; {35313#true} is VALID [2022-02-20 18:02:31,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:02:31,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,113 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35313#true} {35313#true} #1745#return; {35313#true} is VALID [2022-02-20 18:02:31,114 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:31,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,117 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,117 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,117 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35313#true} {35313#true} #1747#return; {35313#true} is VALID [2022-02-20 18:02:31,117 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:02:31,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,120 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,120 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,120 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35313#true} {35313#true} #1749#return; {35313#true} is VALID [2022-02-20 18:02:31,120 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:02:31,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,123 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,123 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,124 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35313#true} {35313#true} #1751#return; {35313#true} is VALID [2022-02-20 18:02:31,124 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:02:31,125 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,127 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35313#true} {35313#true} #1753#return; {35313#true} is VALID [2022-02-20 18:02:31,127 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:31,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,130 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,130 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,130 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {35313#true} {35313#true} #1755#return; {35313#true} is VALID [2022-02-20 18:02:31,134 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:31,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:31,138 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,139 INFO L290 TraceCheckUtils]: 0: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,140 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,140 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35313#true} #1739#return; {35313#true} is VALID [2022-02-20 18:02:31,140 INFO L290 TraceCheckUtils]: 0: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {35313#true} is VALID [2022-02-20 18:02:31,141 INFO L272 TraceCheckUtils]: 1: Hoare triple {35313#true} call setClientId(~bob___0, ~bob___0); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,141 INFO L290 TraceCheckUtils]: 2: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,141 INFO L290 TraceCheckUtils]: 3: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,141 INFO L290 TraceCheckUtils]: 4: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,141 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {35313#true} {35313#true} #1739#return; {35313#true} is VALID [2022-02-20 18:02:31,141 INFO L290 TraceCheckUtils]: 6: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,141 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {35313#true} {35313#true} #1757#return; {35313#true} is VALID [2022-02-20 18:02:31,146 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:02:31,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,149 INFO L290 TraceCheckUtils]: 0: Hoare triple {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,149 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,149 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,149 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35313#true} #1759#return; {35313#true} is VALID [2022-02-20 18:02:31,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:02:31,151 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:31,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35435#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,181 INFO L290 TraceCheckUtils]: 1: Hoare triple {35435#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {35435#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {35435#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35436#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,182 INFO L290 TraceCheckUtils]: 3: Hoare triple {35436#(= 2 |setClientId_#in~handle|)} assume true; {35436#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,182 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {35436#(= 2 |setClientId_#in~handle|)} {35428#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:31,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {35428#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:31,183 INFO L272 TraceCheckUtils]: 1: Hoare triple {35428#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,184 INFO L290 TraceCheckUtils]: 2: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35435#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,185 INFO L290 TraceCheckUtils]: 3: Hoare triple {35435#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {35435#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,185 INFO L290 TraceCheckUtils]: 4: Hoare triple {35435#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35436#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,186 INFO L290 TraceCheckUtils]: 5: Hoare triple {35436#(= 2 |setClientId_#in~handle|)} assume true; {35436#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,186 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {35436#(= 2 |setClientId_#in~handle|)} {35428#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:31,186 INFO L290 TraceCheckUtils]: 7: Hoare triple {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:31,187 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {35313#true} #1763#return; {35360#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:31,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:02:31,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35437#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:31,208 INFO L290 TraceCheckUtils]: 1: Hoare triple {35437#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35438#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:31,209 INFO L290 TraceCheckUtils]: 2: Hoare triple {35438#(= |setClientPrivateKey_#in~handle| 1)} assume true; {35438#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:31,209 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35438#(= |setClientPrivateKey_#in~handle| 1)} {35360#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1765#return; {35314#false} is VALID [2022-02-20 18:02:31,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:02:31,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:31,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,216 INFO L290 TraceCheckUtils]: 0: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,216 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,216 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,216 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35313#true} #1629#return; {35313#true} is VALID [2022-02-20 18:02:31,216 INFO L290 TraceCheckUtils]: 0: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {35313#true} is VALID [2022-02-20 18:02:31,217 INFO L272 TraceCheckUtils]: 1: Hoare triple {35313#true} call setClientId(~chuck___0, ~chuck___0); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,217 INFO L290 TraceCheckUtils]: 2: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,217 INFO L290 TraceCheckUtils]: 3: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,217 INFO L290 TraceCheckUtils]: 4: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,217 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {35313#true} {35313#true} #1629#return; {35313#true} is VALID [2022-02-20 18:02:31,217 INFO L290 TraceCheckUtils]: 6: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,218 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {35313#true} {35314#false} #1769#return; {35314#false} is VALID [2022-02-20 18:02:31,218 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:31,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,222 INFO L290 TraceCheckUtils]: 0: Hoare triple {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,222 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,223 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,223 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1771#return; {35314#false} is VALID [2022-02-20 18:02:31,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:02:31,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,235 INFO L290 TraceCheckUtils]: 0: Hoare triple {35443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1651#return; {35314#false} is VALID [2022-02-20 18:02:31,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:02:31,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {35444#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,257 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,257 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,257 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1653#return; {35314#false} is VALID [2022-02-20 18:02:31,257 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 18:02:31,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~13; {35313#true} is VALID [2022-02-20 18:02:31,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {35313#true} is VALID [2022-02-20 18:02:31,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,260 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1631#return; {35314#false} is VALID [2022-02-20 18:02:31,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 152 [2022-02-20 18:02:31,260 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,262 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~32; {35313#true} is VALID [2022-02-20 18:02:31,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {35313#true} is VALID [2022-02-20 18:02:31,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,262 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1617#return; {35314#false} is VALID [2022-02-20 18:02:31,262 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 158 [2022-02-20 18:02:31,263 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,264 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {35313#true} is VALID [2022-02-20 18:02:31,264 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle; {35313#true} is VALID [2022-02-20 18:02:31,264 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {35313#true} is VALID [2022-02-20 18:02:31,264 INFO L290 TraceCheckUtils]: 3: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,264 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {35313#true} {35314#false} #1619#return; {35314#false} is VALID [2022-02-20 18:02:31,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 170 [2022-02-20 18:02:31,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,266 INFO L290 TraceCheckUtils]: 0: Hoare triple {35443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,266 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,267 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,267 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1663#return; {35314#false} is VALID [2022-02-20 18:02:31,267 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 176 [2022-02-20 18:02:31,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,276 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~35; {35313#true} is VALID [2022-02-20 18:02:31,276 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {35313#true} is VALID [2022-02-20 18:02:31,276 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,277 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1665#return; {35314#false} is VALID [2022-02-20 18:02:31,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 183 [2022-02-20 18:02:31,278 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~32; {35313#true} is VALID [2022-02-20 18:02:31,280 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {35313#true} is VALID [2022-02-20 18:02:31,280 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,280 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1667#return; {35314#false} is VALID [2022-02-20 18:02:31,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 190 [2022-02-20 18:02:31,281 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~19; {35313#true} is VALID [2022-02-20 18:02:31,282 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {35313#true} is VALID [2022-02-20 18:02:31,282 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,282 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1669#return; {35314#false} is VALID [2022-02-20 18:02:31,282 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 196 [2022-02-20 18:02:31,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~36; {35313#true} is VALID [2022-02-20 18:02:31,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {35313#true} is VALID [2022-02-20 18:02:31,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1671#return; {35314#false} is VALID [2022-02-20 18:02:31,284 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 202 [2022-02-20 18:02:31,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,286 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {35313#true} is VALID [2022-02-20 18:02:31,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {35313#true} is VALID [2022-02-20 18:02:31,287 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,287 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35313#true} {35314#false} #1673#return; {35314#false} is VALID [2022-02-20 18:02:31,287 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {35313#true} is VALID [2022-02-20 18:02:31,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {35313#true} is VALID [2022-02-20 18:02:31,287 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {35313#true} is VALID [2022-02-20 18:02:31,287 INFO L272 TraceCheckUtils]: 3: Hoare triple {35313#true} call select_features_#t~ret58#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:31,287 INFO L290 TraceCheckUtils]: 4: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L290 TraceCheckUtils]: 5: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {35313#true} {35313#true} #1741#return; {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L290 TraceCheckUtils]: 7: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L272 TraceCheckUtils]: 8: Hoare triple {35313#true} call select_features_#t~ret59#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L290 TraceCheckUtils]: 9: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L290 TraceCheckUtils]: 10: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {35313#true} {35313#true} #1743#return; {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L290 TraceCheckUtils]: 12: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L272 TraceCheckUtils]: 13: Hoare triple {35313#true} call select_features_#t~ret60#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:31,288 INFO L290 TraceCheckUtils]: 14: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L290 TraceCheckUtils]: 15: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {35313#true} {35313#true} #1745#return; {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L290 TraceCheckUtils]: 17: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L272 TraceCheckUtils]: 18: Hoare triple {35313#true} call select_features_#t~ret61#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L290 TraceCheckUtils]: 19: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L290 TraceCheckUtils]: 20: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {35313#true} {35313#true} #1747#return; {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L290 TraceCheckUtils]: 22: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {35313#true} is VALID [2022-02-20 18:02:31,289 INFO L272 TraceCheckUtils]: 23: Hoare triple {35313#true} call select_features_#t~ret62#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L290 TraceCheckUtils]: 24: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L290 TraceCheckUtils]: 25: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {35313#true} {35313#true} #1749#return; {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L290 TraceCheckUtils]: 27: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L272 TraceCheckUtils]: 28: Hoare triple {35313#true} call select_features_#t~ret63#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L290 TraceCheckUtils]: 29: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L290 TraceCheckUtils]: 30: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {35313#true} {35313#true} #1751#return; {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L290 TraceCheckUtils]: 32: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {35313#true} is VALID [2022-02-20 18:02:31,290 INFO L272 TraceCheckUtils]: 33: Hoare triple {35313#true} call select_features_#t~ret64#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L290 TraceCheckUtils]: 34: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L290 TraceCheckUtils]: 35: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {35313#true} {35313#true} #1753#return; {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L290 TraceCheckUtils]: 37: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L272 TraceCheckUtils]: 38: Hoare triple {35313#true} call select_features_#t~ret65#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L290 TraceCheckUtils]: 39: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L290 TraceCheckUtils]: 40: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {35313#true} {35313#true} #1755#return; {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L290 TraceCheckUtils]: 42: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {35313#true} is VALID [2022-02-20 18:02:31,291 INFO L290 TraceCheckUtils]: 43: Hoare triple {35313#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 44: Hoare triple {35313#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 45: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 46: Hoare triple {35313#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 47: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 48: Hoare triple {35313#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 49: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 50: Hoare triple {35313#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 51: Hoare triple {35313#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 52: Hoare triple {35313#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {35313#true} is VALID [2022-02-20 18:02:31,292 INFO L290 TraceCheckUtils]: 53: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {35313#true} is VALID [2022-02-20 18:02:31,293 INFO L290 TraceCheckUtils]: 54: Hoare triple {35313#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {35313#true} is VALID [2022-02-20 18:02:31,293 INFO L290 TraceCheckUtils]: 55: Hoare triple {35313#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {35313#true} is VALID [2022-02-20 18:02:31,293 INFO L290 TraceCheckUtils]: 56: Hoare triple {35313#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {35313#true} is VALID [2022-02-20 18:02:31,293 INFO L290 TraceCheckUtils]: 57: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {35313#true} is VALID [2022-02-20 18:02:31,294 INFO L272 TraceCheckUtils]: 58: Hoare triple {35313#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,294 INFO L290 TraceCheckUtils]: 59: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {35313#true} is VALID [2022-02-20 18:02:31,294 INFO L272 TraceCheckUtils]: 60: Hoare triple {35313#true} call setClientId(~bob___0, ~bob___0); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,294 INFO L290 TraceCheckUtils]: 61: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,294 INFO L290 TraceCheckUtils]: 62: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,295 INFO L290 TraceCheckUtils]: 63: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,295 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {35313#true} {35313#true} #1739#return; {35313#true} is VALID [2022-02-20 18:02:31,295 INFO L290 TraceCheckUtils]: 65: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,295 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {35313#true} {35313#true} #1757#return; {35313#true} is VALID [2022-02-20 18:02:31,295 INFO L272 TraceCheckUtils]: 67: Hoare triple {35313#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:31,296 INFO L290 TraceCheckUtils]: 68: Hoare triple {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,296 INFO L290 TraceCheckUtils]: 69: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,296 INFO L290 TraceCheckUtils]: 70: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,296 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {35313#true} {35313#true} #1759#return; {35313#true} is VALID [2022-02-20 18:02:31,296 INFO L290 TraceCheckUtils]: 72: Hoare triple {35313#true} assume { :end_inline_setup_bob__role__Keys } true; {35313#true} is VALID [2022-02-20 18:02:31,296 INFO L290 TraceCheckUtils]: 73: Hoare triple {35313#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {35313#true} is VALID [2022-02-20 18:02:31,296 INFO L290 TraceCheckUtils]: 74: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {35313#true} is VALID [2022-02-20 18:02:31,297 INFO L272 TraceCheckUtils]: 75: Hoare triple {35313#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,297 INFO L290 TraceCheckUtils]: 76: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {35428#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:31,298 INFO L272 TraceCheckUtils]: 77: Hoare triple {35428#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,298 INFO L290 TraceCheckUtils]: 78: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35435#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,298 INFO L290 TraceCheckUtils]: 79: Hoare triple {35435#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {35435#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,299 INFO L290 TraceCheckUtils]: 80: Hoare triple {35435#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35436#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,299 INFO L290 TraceCheckUtils]: 81: Hoare triple {35436#(= 2 |setClientId_#in~handle|)} assume true; {35436#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,299 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {35436#(= 2 |setClientId_#in~handle|)} {35428#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1691#return; {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:31,300 INFO L290 TraceCheckUtils]: 83: Hoare triple {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:02:31,300 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {35434#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {35313#true} #1763#return; {35360#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:31,301 INFO L272 TraceCheckUtils]: 85: Hoare triple {35360#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:31,301 INFO L290 TraceCheckUtils]: 86: Hoare triple {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35437#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:31,301 INFO L290 TraceCheckUtils]: 87: Hoare triple {35437#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35438#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:31,302 INFO L290 TraceCheckUtils]: 88: Hoare triple {35438#(= |setClientPrivateKey_#in~handle| 1)} assume true; {35438#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:31,302 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {35438#(= |setClientPrivateKey_#in~handle| 1)} {35360#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1765#return; {35314#false} is VALID [2022-02-20 18:02:31,302 INFO L290 TraceCheckUtils]: 90: Hoare triple {35314#false} assume { :end_inline_setup_rjh__role__Keys } true; {35314#false} is VALID [2022-02-20 18:02:31,302 INFO L290 TraceCheckUtils]: 91: Hoare triple {35314#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {35314#false} is VALID [2022-02-20 18:02:31,302 INFO L290 TraceCheckUtils]: 92: Hoare triple {35314#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {35314#false} is VALID [2022-02-20 18:02:31,303 INFO L272 TraceCheckUtils]: 93: Hoare triple {35314#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,303 INFO L290 TraceCheckUtils]: 94: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {35313#true} is VALID [2022-02-20 18:02:31,303 INFO L272 TraceCheckUtils]: 95: Hoare triple {35313#true} call setClientId(~chuck___0, ~chuck___0); {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,303 INFO L290 TraceCheckUtils]: 96: Hoare triple {35422#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,303 INFO L290 TraceCheckUtils]: 97: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,304 INFO L290 TraceCheckUtils]: 98: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,304 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {35313#true} {35313#true} #1629#return; {35313#true} is VALID [2022-02-20 18:02:31,304 INFO L290 TraceCheckUtils]: 100: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,304 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {35313#true} {35314#false} #1769#return; {35314#false} is VALID [2022-02-20 18:02:31,304 INFO L272 TraceCheckUtils]: 102: Hoare triple {35314#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:31,304 INFO L290 TraceCheckUtils]: 103: Hoare triple {35427#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,304 INFO L290 TraceCheckUtils]: 104: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,304 INFO L290 TraceCheckUtils]: 105: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,304 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {35313#true} {35314#false} #1771#return; {35314#false} is VALID [2022-02-20 18:02:31,304 INFO L290 TraceCheckUtils]: 107: Hoare triple {35314#false} assume { :end_inline_setup_chuck__role__Keys } true; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 108: Hoare triple {35314#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 109: Hoare triple {35314#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 110: Hoare triple {35314#false} assume !false; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 111: Hoare triple {35314#false} assume test_~splverifierCounter~0#1 < 4; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 112: Hoare triple {35314#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 113: Hoare triple {35314#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 114: Hoare triple {35314#false} assume !(0 != test_~tmp___9~0#1); {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 115: Hoare triple {35314#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 116: Hoare triple {35314#false} assume 0 != test_~tmp___8~0#1; {35314#false} is VALID [2022-02-20 18:02:31,305 INFO L290 TraceCheckUtils]: 117: Hoare triple {35314#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {35314#false} is VALID [2022-02-20 18:02:31,306 INFO L290 TraceCheckUtils]: 118: Hoare triple {35314#false} test_~op2~0#1 := 1; {35314#false} is VALID [2022-02-20 18:02:31,306 INFO L290 TraceCheckUtils]: 119: Hoare triple {35314#false} assume !false; {35314#false} is VALID [2022-02-20 18:02:31,306 INFO L290 TraceCheckUtils]: 120: Hoare triple {35314#false} assume !(test_~splverifierCounter~0#1 < 4); {35314#false} is VALID [2022-02-20 18:02:31,306 INFO L290 TraceCheckUtils]: 121: Hoare triple {35314#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {35314#false} is VALID [2022-02-20 18:02:31,306 INFO L272 TraceCheckUtils]: 122: Hoare triple {35314#false} call sendEmail(~bob~0, ~rjh~0); {35314#false} is VALID [2022-02-20 18:02:31,306 INFO L290 TraceCheckUtils]: 123: Hoare triple {35314#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {35314#false} is VALID [2022-02-20 18:02:31,306 INFO L272 TraceCheckUtils]: 124: Hoare triple {35314#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {35443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:31,306 INFO L290 TraceCheckUtils]: 125: Hoare triple {35443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,306 INFO L290 TraceCheckUtils]: 126: Hoare triple {35313#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,306 INFO L290 TraceCheckUtils]: 127: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,307 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {35313#true} {35314#false} #1651#return; {35314#false} is VALID [2022-02-20 18:02:31,307 INFO L272 TraceCheckUtils]: 129: Hoare triple {35314#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {35444#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:31,307 INFO L290 TraceCheckUtils]: 130: Hoare triple {35444#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,307 INFO L290 TraceCheckUtils]: 131: Hoare triple {35313#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,307 INFO L290 TraceCheckUtils]: 132: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,307 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {35313#true} {35314#false} #1653#return; {35314#false} is VALID [2022-02-20 18:02:31,307 INFO L290 TraceCheckUtils]: 134: Hoare triple {35314#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {35314#false} is VALID [2022-02-20 18:02:31,307 INFO L290 TraceCheckUtils]: 135: Hoare triple {35314#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {35314#false} is VALID [2022-02-20 18:02:31,307 INFO L272 TraceCheckUtils]: 136: Hoare triple {35314#false} call outgoing(~sender#1, ~email~0#1); {35314#false} is VALID [2022-02-20 18:02:31,307 INFO L290 TraceCheckUtils]: 137: Hoare triple {35314#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35314#false} is VALID [2022-02-20 18:02:31,308 INFO L290 TraceCheckUtils]: 138: Hoare triple {35314#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {35314#false} is VALID [2022-02-20 18:02:31,308 INFO L272 TraceCheckUtils]: 139: Hoare triple {35314#false} call outgoing__before__Sign(~client#1, ~msg#1); {35314#false} is VALID [2022-02-20 18:02:31,308 INFO L290 TraceCheckUtils]: 140: Hoare triple {35314#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35314#false} is VALID [2022-02-20 18:02:31,308 INFO L290 TraceCheckUtils]: 141: Hoare triple {35314#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret105#1, outgoing__role__AddressBook_#t~ret106#1, outgoing__role__AddressBook_#t~ret107#1, outgoing__role__AddressBook_#t~ret108#1, outgoing__role__AddressBook_#t~ret109#1, outgoing__role__AddressBook_#t~ret110#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~19#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~8#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~4#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~19#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~8#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~4#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {35314#false} is VALID [2022-02-20 18:02:31,308 INFO L272 TraceCheckUtils]: 142: Hoare triple {35314#false} call outgoing__role__AddressBook_#t~ret105#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {35313#true} is VALID [2022-02-20 18:02:31,308 INFO L290 TraceCheckUtils]: 143: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~13; {35313#true} is VALID [2022-02-20 18:02:31,308 INFO L290 TraceCheckUtils]: 144: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {35313#true} is VALID [2022-02-20 18:02:31,308 INFO L290 TraceCheckUtils]: 145: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,308 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {35313#true} {35314#false} #1631#return; {35314#false} is VALID [2022-02-20 18:02:31,308 INFO L290 TraceCheckUtils]: 147: Hoare triple {35314#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret105#1 && outgoing__role__AddressBook_#t~ret105#1 <= 2147483647;outgoing__role__AddressBook_~tmp~19#1 := outgoing__role__AddressBook_#t~ret105#1;havoc outgoing__role__AddressBook_#t~ret105#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~19#1; {35314#false} is VALID [2022-02-20 18:02:31,309 INFO L290 TraceCheckUtils]: 148: Hoare triple {35314#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {35314#false} is VALID [2022-02-20 18:02:31,309 INFO L272 TraceCheckUtils]: 149: Hoare triple {35314#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {35314#false} is VALID [2022-02-20 18:02:31,309 INFO L290 TraceCheckUtils]: 150: Hoare triple {35314#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35314#false} is VALID [2022-02-20 18:02:31,309 INFO L290 TraceCheckUtils]: 151: Hoare triple {35314#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {35314#false} is VALID [2022-02-20 18:02:31,309 INFO L272 TraceCheckUtils]: 152: Hoare triple {35314#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {35313#true} is VALID [2022-02-20 18:02:31,309 INFO L290 TraceCheckUtils]: 153: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~32; {35313#true} is VALID [2022-02-20 18:02:31,309 INFO L290 TraceCheckUtils]: 154: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {35313#true} is VALID [2022-02-20 18:02:31,309 INFO L290 TraceCheckUtils]: 155: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,309 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {35313#true} {35314#false} #1617#return; {35314#false} is VALID [2022-02-20 18:02:31,310 INFO L290 TraceCheckUtils]: 157: Hoare triple {35314#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {35314#false} is VALID [2022-02-20 18:02:31,310 INFO L272 TraceCheckUtils]: 158: Hoare triple {35314#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {35313#true} is VALID [2022-02-20 18:02:31,310 INFO L290 TraceCheckUtils]: 159: Hoare triple {35313#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {35313#true} is VALID [2022-02-20 18:02:31,310 INFO L290 TraceCheckUtils]: 160: Hoare triple {35313#true} assume 1 == ~handle; {35313#true} is VALID [2022-02-20 18:02:31,310 INFO L290 TraceCheckUtils]: 161: Hoare triple {35313#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {35313#true} is VALID [2022-02-20 18:02:31,310 INFO L290 TraceCheckUtils]: 162: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,310 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {35313#true} {35314#false} #1619#return; {35314#false} is VALID [2022-02-20 18:02:31,310 INFO L290 TraceCheckUtils]: 164: Hoare triple {35314#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {35314#false} is VALID [2022-02-20 18:02:31,310 INFO L290 TraceCheckUtils]: 165: Hoare triple {35314#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {35314#false} is VALID [2022-02-20 18:02:31,310 INFO L272 TraceCheckUtils]: 166: Hoare triple {35314#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {35314#false} is VALID [2022-02-20 18:02:31,310 INFO L290 TraceCheckUtils]: 167: Hoare triple {35314#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {35314#false} is VALID [2022-02-20 18:02:31,311 INFO L290 TraceCheckUtils]: 168: Hoare triple {35314#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {35314#false} is VALID [2022-02-20 18:02:31,311 INFO L290 TraceCheckUtils]: 169: Hoare triple {35314#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {35314#false} is VALID [2022-02-20 18:02:31,311 INFO L272 TraceCheckUtils]: 170: Hoare triple {35314#false} call setEmailFrom(~msg#1, ~tmp~17#1); {35443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:31,311 INFO L290 TraceCheckUtils]: 171: Hoare triple {35443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:31,311 INFO L290 TraceCheckUtils]: 172: Hoare triple {35313#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:31,311 INFO L290 TraceCheckUtils]: 173: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,311 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {35313#true} {35314#false} #1663#return; {35314#false} is VALID [2022-02-20 18:02:31,311 INFO L290 TraceCheckUtils]: 175: Hoare triple {35314#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {35314#false} is VALID [2022-02-20 18:02:31,311 INFO L272 TraceCheckUtils]: 176: Hoare triple {35314#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {35313#true} is VALID [2022-02-20 18:02:31,312 INFO L290 TraceCheckUtils]: 177: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~35; {35313#true} is VALID [2022-02-20 18:02:31,312 INFO L290 TraceCheckUtils]: 178: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {35313#true} is VALID [2022-02-20 18:02:31,312 INFO L290 TraceCheckUtils]: 179: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,312 INFO L284 TraceCheckUtils]: 180: Hoare quadruple {35313#true} {35314#false} #1665#return; {35314#false} is VALID [2022-02-20 18:02:31,312 INFO L290 TraceCheckUtils]: 181: Hoare triple {35314#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {35314#false} is VALID [2022-02-20 18:02:31,312 INFO L290 TraceCheckUtils]: 182: Hoare triple {35314#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {35314#false} is VALID [2022-02-20 18:02:31,312 INFO L272 TraceCheckUtils]: 183: Hoare triple {35314#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {35313#true} is VALID [2022-02-20 18:02:31,312 INFO L290 TraceCheckUtils]: 184: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~32; {35313#true} is VALID [2022-02-20 18:02:31,312 INFO L290 TraceCheckUtils]: 185: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {35313#true} is VALID [2022-02-20 18:02:31,312 INFO L290 TraceCheckUtils]: 186: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,313 INFO L284 TraceCheckUtils]: 187: Hoare quadruple {35313#true} {35314#false} #1667#return; {35314#false} is VALID [2022-02-20 18:02:31,313 INFO L290 TraceCheckUtils]: 188: Hoare triple {35314#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {35314#false} is VALID [2022-02-20 18:02:31,313 INFO L290 TraceCheckUtils]: 189: Hoare triple {35314#false} assume 1 == ~sent_encrypted~0; {35314#false} is VALID [2022-02-20 18:02:31,313 INFO L272 TraceCheckUtils]: 190: Hoare triple {35314#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {35313#true} is VALID [2022-02-20 18:02:31,313 INFO L290 TraceCheckUtils]: 191: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~19; {35313#true} is VALID [2022-02-20 18:02:31,313 INFO L290 TraceCheckUtils]: 192: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {35313#true} is VALID [2022-02-20 18:02:31,313 INFO L290 TraceCheckUtils]: 193: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,313 INFO L284 TraceCheckUtils]: 194: Hoare quadruple {35313#true} {35314#false} #1669#return; {35314#false} is VALID [2022-02-20 18:02:31,313 INFO L290 TraceCheckUtils]: 195: Hoare triple {35314#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {35314#false} is VALID [2022-02-20 18:02:31,313 INFO L272 TraceCheckUtils]: 196: Hoare triple {35314#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {35313#true} is VALID [2022-02-20 18:02:31,314 INFO L290 TraceCheckUtils]: 197: Hoare triple {35313#true} ~handle := #in~handle;havoc ~retValue_acc~36; {35313#true} is VALID [2022-02-20 18:02:31,314 INFO L290 TraceCheckUtils]: 198: Hoare triple {35313#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {35313#true} is VALID [2022-02-20 18:02:31,314 INFO L290 TraceCheckUtils]: 199: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,314 INFO L284 TraceCheckUtils]: 200: Hoare quadruple {35313#true} {35314#false} #1671#return; {35314#false} is VALID [2022-02-20 18:02:31,314 INFO L290 TraceCheckUtils]: 201: Hoare triple {35314#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {35314#false} is VALID [2022-02-20 18:02:31,314 INFO L272 TraceCheckUtils]: 202: Hoare triple {35314#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {35313#true} is VALID [2022-02-20 18:02:31,314 INFO L290 TraceCheckUtils]: 203: Hoare triple {35313#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {35313#true} is VALID [2022-02-20 18:02:31,314 INFO L290 TraceCheckUtils]: 204: Hoare triple {35313#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {35313#true} is VALID [2022-02-20 18:02:31,314 INFO L290 TraceCheckUtils]: 205: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:31,314 INFO L284 TraceCheckUtils]: 206: Hoare quadruple {35313#true} {35314#false} #1673#return; {35314#false} is VALID [2022-02-20 18:02:31,315 INFO L290 TraceCheckUtils]: 207: Hoare triple {35314#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {35314#false} is VALID [2022-02-20 18:02:31,315 INFO L290 TraceCheckUtils]: 208: Hoare triple {35314#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {35314#false} is VALID [2022-02-20 18:02:31,315 INFO L290 TraceCheckUtils]: 209: Hoare triple {35314#false} assume !false; {35314#false} is VALID [2022-02-20 18:02:31,315 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2022-02-20 18:02:31,315 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:31,315 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2020937053] [2022-02-20 18:02:31,316 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2020937053] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:31,316 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [474819027] [2022-02-20 18:02:31,316 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:31,316 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:31,316 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:31,344 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:31,376 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:02:31,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,644 INFO L263 TraceCheckSpWp]: Trace formula consists of 1618 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:02:31,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,714 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:32,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {35313#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {35313#true} is VALID [2022-02-20 18:02:32,139 INFO L290 TraceCheckUtils]: 1: Hoare triple {35313#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {35313#true} is VALID [2022-02-20 18:02:32,139 INFO L290 TraceCheckUtils]: 2: Hoare triple {35313#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {35313#true} is VALID [2022-02-20 18:02:32,139 INFO L272 TraceCheckUtils]: 3: Hoare triple {35313#true} call select_features_#t~ret58#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L290 TraceCheckUtils]: 4: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L290 TraceCheckUtils]: 5: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {35313#true} {35313#true} #1741#return; {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L290 TraceCheckUtils]: 7: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L272 TraceCheckUtils]: 8: Hoare triple {35313#true} call select_features_#t~ret59#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L290 TraceCheckUtils]: 9: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L290 TraceCheckUtils]: 10: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {35313#true} {35313#true} #1743#return; {35313#true} is VALID [2022-02-20 18:02:32,140 INFO L290 TraceCheckUtils]: 12: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L272 TraceCheckUtils]: 13: Hoare triple {35313#true} call select_features_#t~ret60#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L290 TraceCheckUtils]: 14: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L290 TraceCheckUtils]: 15: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {35313#true} {35313#true} #1745#return; {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L290 TraceCheckUtils]: 17: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L272 TraceCheckUtils]: 18: Hoare triple {35313#true} call select_features_#t~ret61#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L290 TraceCheckUtils]: 19: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L290 TraceCheckUtils]: 20: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {35313#true} {35313#true} #1747#return; {35313#true} is VALID [2022-02-20 18:02:32,141 INFO L290 TraceCheckUtils]: 22: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L272 TraceCheckUtils]: 23: Hoare triple {35313#true} call select_features_#t~ret62#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L290 TraceCheckUtils]: 24: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L290 TraceCheckUtils]: 25: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {35313#true} {35313#true} #1749#return; {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L290 TraceCheckUtils]: 27: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L272 TraceCheckUtils]: 28: Hoare triple {35313#true} call select_features_#t~ret63#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L290 TraceCheckUtils]: 29: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L290 TraceCheckUtils]: 30: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,142 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {35313#true} {35313#true} #1751#return; {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L290 TraceCheckUtils]: 32: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L272 TraceCheckUtils]: 33: Hoare triple {35313#true} call select_features_#t~ret64#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L290 TraceCheckUtils]: 34: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L290 TraceCheckUtils]: 35: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {35313#true} {35313#true} #1753#return; {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L290 TraceCheckUtils]: 37: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L272 TraceCheckUtils]: 38: Hoare triple {35313#true} call select_features_#t~ret65#1 := select_one(); {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L290 TraceCheckUtils]: 39: Hoare triple {35313#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {35313#true} is VALID [2022-02-20 18:02:32,143 INFO L290 TraceCheckUtils]: 40: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {35313#true} {35313#true} #1755#return; {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 42: Hoare triple {35313#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 43: Hoare triple {35313#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 44: Hoare triple {35313#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 45: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 46: Hoare triple {35313#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 47: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 48: Hoare triple {35313#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 49: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {35313#true} is VALID [2022-02-20 18:02:32,144 INFO L290 TraceCheckUtils]: 50: Hoare triple {35313#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L290 TraceCheckUtils]: 51: Hoare triple {35313#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L290 TraceCheckUtils]: 52: Hoare triple {35313#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L290 TraceCheckUtils]: 53: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L290 TraceCheckUtils]: 54: Hoare triple {35313#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L290 TraceCheckUtils]: 55: Hoare triple {35313#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L290 TraceCheckUtils]: 56: Hoare triple {35313#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L290 TraceCheckUtils]: 57: Hoare triple {35313#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L272 TraceCheckUtils]: 58: Hoare triple {35313#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {35313#true} is VALID [2022-02-20 18:02:32,145 INFO L290 TraceCheckUtils]: 59: Hoare triple {35313#true} ~bob___0 := #in~bob___0; {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L272 TraceCheckUtils]: 60: Hoare triple {35313#true} call setClientId(~bob___0, ~bob___0); {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L290 TraceCheckUtils]: 61: Hoare triple {35313#true} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L290 TraceCheckUtils]: 62: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L290 TraceCheckUtils]: 63: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {35313#true} {35313#true} #1739#return; {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L290 TraceCheckUtils]: 65: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {35313#true} {35313#true} #1757#return; {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L272 TraceCheckUtils]: 67: Hoare triple {35313#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L290 TraceCheckUtils]: 68: Hoare triple {35313#true} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:32,146 INFO L290 TraceCheckUtils]: 69: Hoare triple {35313#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:32,147 INFO L290 TraceCheckUtils]: 70: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,147 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {35313#true} {35313#true} #1759#return; {35313#true} is VALID [2022-02-20 18:02:32,147 INFO L290 TraceCheckUtils]: 72: Hoare triple {35313#true} assume { :end_inline_setup_bob__role__Keys } true; {35313#true} is VALID [2022-02-20 18:02:32,148 INFO L290 TraceCheckUtils]: 73: Hoare triple {35313#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {35667#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:32,149 INFO L290 TraceCheckUtils]: 74: Hoare triple {35667#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {35671#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:02:32,149 INFO L272 TraceCheckUtils]: 75: Hoare triple {35671#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {35313#true} is VALID [2022-02-20 18:02:32,149 INFO L290 TraceCheckUtils]: 76: Hoare triple {35313#true} ~rjh___0 := #in~rjh___0; {35313#true} is VALID [2022-02-20 18:02:32,149 INFO L272 TraceCheckUtils]: 77: Hoare triple {35313#true} call setClientId(~rjh___0, ~rjh___0); {35313#true} is VALID [2022-02-20 18:02:32,149 INFO L290 TraceCheckUtils]: 78: Hoare triple {35313#true} ~handle := #in~handle;~value := #in~value; {35313#true} is VALID [2022-02-20 18:02:32,149 INFO L290 TraceCheckUtils]: 79: Hoare triple {35313#true} assume !(1 == ~handle); {35313#true} is VALID [2022-02-20 18:02:32,149 INFO L290 TraceCheckUtils]: 80: Hoare triple {35313#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35313#true} is VALID [2022-02-20 18:02:32,149 INFO L290 TraceCheckUtils]: 81: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,149 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {35313#true} {35313#true} #1691#return; {35313#true} is VALID [2022-02-20 18:02:32,150 INFO L290 TraceCheckUtils]: 83: Hoare triple {35313#true} assume true; {35313#true} is VALID [2022-02-20 18:02:32,150 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {35313#true} {35671#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1763#return; {35671#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:02:32,150 INFO L272 TraceCheckUtils]: 85: Hoare triple {35671#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {35313#true} is VALID [2022-02-20 18:02:32,150 INFO L290 TraceCheckUtils]: 86: Hoare triple {35313#true} ~handle := #in~handle;~value := #in~value; {35708#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:02:32,151 INFO L290 TraceCheckUtils]: 87: Hoare triple {35708#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35712#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:32,151 INFO L290 TraceCheckUtils]: 88: Hoare triple {35712#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {35712#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:32,152 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {35712#(<= |setClientPrivateKey_#in~handle| 1)} {35671#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1765#return; {35314#false} is VALID [2022-02-20 18:02:32,152 INFO L290 TraceCheckUtils]: 90: Hoare triple {35314#false} assume { :end_inline_setup_rjh__role__Keys } true; {35314#false} is VALID [2022-02-20 18:02:32,152 INFO L290 TraceCheckUtils]: 91: Hoare triple {35314#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {35314#false} is VALID [2022-02-20 18:02:32,152 INFO L290 TraceCheckUtils]: 92: Hoare triple {35314#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {35314#false} is VALID [2022-02-20 18:02:32,152 INFO L272 TraceCheckUtils]: 93: Hoare triple {35314#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {35314#false} is VALID [2022-02-20 18:02:32,152 INFO L290 TraceCheckUtils]: 94: Hoare triple {35314#false} ~chuck___0 := #in~chuck___0; {35314#false} is VALID [2022-02-20 18:02:32,152 INFO L272 TraceCheckUtils]: 95: Hoare triple {35314#false} call setClientId(~chuck___0, ~chuck___0); {35314#false} is VALID [2022-02-20 18:02:32,157 INFO L290 TraceCheckUtils]: 96: Hoare triple {35314#false} ~handle := #in~handle;~value := #in~value; {35314#false} is VALID [2022-02-20 18:02:32,157 INFO L290 TraceCheckUtils]: 97: Hoare triple {35314#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35314#false} is VALID [2022-02-20 18:02:32,157 INFO L290 TraceCheckUtils]: 98: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,157 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {35314#false} {35314#false} #1629#return; {35314#false} is VALID [2022-02-20 18:02:32,157 INFO L290 TraceCheckUtils]: 100: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,158 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {35314#false} {35314#false} #1769#return; {35314#false} is VALID [2022-02-20 18:02:32,158 INFO L272 TraceCheckUtils]: 102: Hoare triple {35314#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {35314#false} is VALID [2022-02-20 18:02:32,158 INFO L290 TraceCheckUtils]: 103: Hoare triple {35314#false} ~handle := #in~handle;~value := #in~value; {35314#false} is VALID [2022-02-20 18:02:32,158 INFO L290 TraceCheckUtils]: 104: Hoare triple {35314#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35314#false} is VALID [2022-02-20 18:02:32,158 INFO L290 TraceCheckUtils]: 105: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,158 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {35314#false} {35314#false} #1771#return; {35314#false} is VALID [2022-02-20 18:02:32,158 INFO L290 TraceCheckUtils]: 107: Hoare triple {35314#false} assume { :end_inline_setup_chuck__role__Keys } true; {35314#false} is VALID [2022-02-20 18:02:32,158 INFO L290 TraceCheckUtils]: 108: Hoare triple {35314#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {35314#false} is VALID [2022-02-20 18:02:32,159 INFO L290 TraceCheckUtils]: 109: Hoare triple {35314#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {35314#false} is VALID [2022-02-20 18:02:32,159 INFO L290 TraceCheckUtils]: 110: Hoare triple {35314#false} assume !false; {35314#false} is VALID [2022-02-20 18:02:32,159 INFO L290 TraceCheckUtils]: 111: Hoare triple {35314#false} assume test_~splverifierCounter~0#1 < 4; {35314#false} is VALID [2022-02-20 18:02:32,159 INFO L290 TraceCheckUtils]: 112: Hoare triple {35314#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {35314#false} is VALID [2022-02-20 18:02:32,159 INFO L290 TraceCheckUtils]: 113: Hoare triple {35314#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {35314#false} is VALID [2022-02-20 18:02:32,159 INFO L290 TraceCheckUtils]: 114: Hoare triple {35314#false} assume !(0 != test_~tmp___9~0#1); {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L290 TraceCheckUtils]: 115: Hoare triple {35314#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L290 TraceCheckUtils]: 116: Hoare triple {35314#false} assume 0 != test_~tmp___8~0#1; {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L290 TraceCheckUtils]: 117: Hoare triple {35314#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L290 TraceCheckUtils]: 118: Hoare triple {35314#false} test_~op2~0#1 := 1; {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L290 TraceCheckUtils]: 119: Hoare triple {35314#false} assume !false; {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L290 TraceCheckUtils]: 120: Hoare triple {35314#false} assume !(test_~splverifierCounter~0#1 < 4); {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L290 TraceCheckUtils]: 121: Hoare triple {35314#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L272 TraceCheckUtils]: 122: Hoare triple {35314#false} call sendEmail(~bob~0, ~rjh~0); {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L290 TraceCheckUtils]: 123: Hoare triple {35314#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {35314#false} is VALID [2022-02-20 18:02:32,160 INFO L272 TraceCheckUtils]: 124: Hoare triple {35314#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L290 TraceCheckUtils]: 125: Hoare triple {35314#false} ~handle := #in~handle;~value := #in~value; {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L290 TraceCheckUtils]: 126: Hoare triple {35314#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L290 TraceCheckUtils]: 127: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {35314#false} {35314#false} #1651#return; {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L272 TraceCheckUtils]: 129: Hoare triple {35314#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L290 TraceCheckUtils]: 130: Hoare triple {35314#false} ~handle := #in~handle;~value := #in~value; {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L290 TraceCheckUtils]: 131: Hoare triple {35314#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L290 TraceCheckUtils]: 132: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,161 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {35314#false} {35314#false} #1653#return; {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L290 TraceCheckUtils]: 134: Hoare triple {35314#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L290 TraceCheckUtils]: 135: Hoare triple {35314#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L272 TraceCheckUtils]: 136: Hoare triple {35314#false} call outgoing(~sender#1, ~email~0#1); {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L290 TraceCheckUtils]: 137: Hoare triple {35314#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L290 TraceCheckUtils]: 138: Hoare triple {35314#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L272 TraceCheckUtils]: 139: Hoare triple {35314#false} call outgoing__before__Sign(~client#1, ~msg#1); {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L290 TraceCheckUtils]: 140: Hoare triple {35314#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L290 TraceCheckUtils]: 141: Hoare triple {35314#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret105#1, outgoing__role__AddressBook_#t~ret106#1, outgoing__role__AddressBook_#t~ret107#1, outgoing__role__AddressBook_#t~ret108#1, outgoing__role__AddressBook_#t~ret109#1, outgoing__role__AddressBook_#t~ret110#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~19#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~8#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~4#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~19#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~8#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~4#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L272 TraceCheckUtils]: 142: Hoare triple {35314#false} call outgoing__role__AddressBook_#t~ret105#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {35314#false} is VALID [2022-02-20 18:02:32,162 INFO L290 TraceCheckUtils]: 143: Hoare triple {35314#false} ~handle := #in~handle;havoc ~retValue_acc~13; {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L290 TraceCheckUtils]: 144: Hoare triple {35314#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~13; {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L290 TraceCheckUtils]: 145: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {35314#false} {35314#false} #1631#return; {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L290 TraceCheckUtils]: 147: Hoare triple {35314#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret105#1 && outgoing__role__AddressBook_#t~ret105#1 <= 2147483647;outgoing__role__AddressBook_~tmp~19#1 := outgoing__role__AddressBook_#t~ret105#1;havoc outgoing__role__AddressBook_#t~ret105#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~19#1; {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L290 TraceCheckUtils]: 148: Hoare triple {35314#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L272 TraceCheckUtils]: 149: Hoare triple {35314#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L290 TraceCheckUtils]: 150: Hoare triple {35314#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L290 TraceCheckUtils]: 151: Hoare triple {35314#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {35314#false} is VALID [2022-02-20 18:02:32,163 INFO L272 TraceCheckUtils]: 152: Hoare triple {35314#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L290 TraceCheckUtils]: 153: Hoare triple {35314#false} ~handle := #in~handle;havoc ~retValue_acc~32; {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L290 TraceCheckUtils]: 154: Hoare triple {35314#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L290 TraceCheckUtils]: 155: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {35314#false} {35314#false} #1617#return; {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L290 TraceCheckUtils]: 157: Hoare triple {35314#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L272 TraceCheckUtils]: 158: Hoare triple {35314#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L290 TraceCheckUtils]: 159: Hoare triple {35314#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L290 TraceCheckUtils]: 160: Hoare triple {35314#false} assume 1 == ~handle; {35314#false} is VALID [2022-02-20 18:02:32,164 INFO L290 TraceCheckUtils]: 161: Hoare triple {35314#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L290 TraceCheckUtils]: 162: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L284 TraceCheckUtils]: 163: Hoare quadruple {35314#false} {35314#false} #1619#return; {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L290 TraceCheckUtils]: 164: Hoare triple {35314#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L290 TraceCheckUtils]: 165: Hoare triple {35314#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L272 TraceCheckUtils]: 166: Hoare triple {35314#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L290 TraceCheckUtils]: 167: Hoare triple {35314#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L290 TraceCheckUtils]: 168: Hoare triple {35314#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L290 TraceCheckUtils]: 169: Hoare triple {35314#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {35314#false} is VALID [2022-02-20 18:02:32,165 INFO L272 TraceCheckUtils]: 170: Hoare triple {35314#false} call setEmailFrom(~msg#1, ~tmp~17#1); {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L290 TraceCheckUtils]: 171: Hoare triple {35314#false} ~handle := #in~handle;~value := #in~value; {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L290 TraceCheckUtils]: 172: Hoare triple {35314#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L290 TraceCheckUtils]: 173: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {35314#false} {35314#false} #1663#return; {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L290 TraceCheckUtils]: 175: Hoare triple {35314#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L272 TraceCheckUtils]: 176: Hoare triple {35314#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L290 TraceCheckUtils]: 177: Hoare triple {35314#false} ~handle := #in~handle;havoc ~retValue_acc~35; {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L290 TraceCheckUtils]: 178: Hoare triple {35314#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {35314#false} is VALID [2022-02-20 18:02:32,166 INFO L290 TraceCheckUtils]: 179: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L284 TraceCheckUtils]: 180: Hoare quadruple {35314#false} {35314#false} #1665#return; {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L290 TraceCheckUtils]: 181: Hoare triple {35314#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L290 TraceCheckUtils]: 182: Hoare triple {35314#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L272 TraceCheckUtils]: 183: Hoare triple {35314#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L290 TraceCheckUtils]: 184: Hoare triple {35314#false} ~handle := #in~handle;havoc ~retValue_acc~32; {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L290 TraceCheckUtils]: 185: Hoare triple {35314#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L290 TraceCheckUtils]: 186: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L284 TraceCheckUtils]: 187: Hoare quadruple {35314#false} {35314#false} #1667#return; {35314#false} is VALID [2022-02-20 18:02:32,167 INFO L290 TraceCheckUtils]: 188: Hoare triple {35314#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L290 TraceCheckUtils]: 189: Hoare triple {35314#false} assume 1 == ~sent_encrypted~0; {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L272 TraceCheckUtils]: 190: Hoare triple {35314#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L290 TraceCheckUtils]: 191: Hoare triple {35314#false} ~handle := #in~handle;havoc ~retValue_acc~19; {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L290 TraceCheckUtils]: 192: Hoare triple {35314#false} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L290 TraceCheckUtils]: 193: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L284 TraceCheckUtils]: 194: Hoare quadruple {35314#false} {35314#false} #1669#return; {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L290 TraceCheckUtils]: 195: Hoare triple {35314#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L272 TraceCheckUtils]: 196: Hoare triple {35314#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L290 TraceCheckUtils]: 197: Hoare triple {35314#false} ~handle := #in~handle;havoc ~retValue_acc~36; {35314#false} is VALID [2022-02-20 18:02:32,168 INFO L290 TraceCheckUtils]: 198: Hoare triple {35314#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {35314#false} is VALID [2022-02-20 18:02:32,169 INFO L290 TraceCheckUtils]: 199: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,169 INFO L284 TraceCheckUtils]: 200: Hoare quadruple {35314#false} {35314#false} #1671#return; {35314#false} is VALID [2022-02-20 18:02:32,169 INFO L290 TraceCheckUtils]: 201: Hoare triple {35314#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {35314#false} is VALID [2022-02-20 18:02:32,169 INFO L272 TraceCheckUtils]: 202: Hoare triple {35314#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {35314#false} is VALID [2022-02-20 18:02:32,169 INFO L290 TraceCheckUtils]: 203: Hoare triple {35314#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {35314#false} is VALID [2022-02-20 18:02:32,169 INFO L290 TraceCheckUtils]: 204: Hoare triple {35314#false} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {35314#false} is VALID [2022-02-20 18:02:32,169 INFO L290 TraceCheckUtils]: 205: Hoare triple {35314#false} assume true; {35314#false} is VALID [2022-02-20 18:02:32,169 INFO L284 TraceCheckUtils]: 206: Hoare quadruple {35314#false} {35314#false} #1673#return; {35314#false} is VALID [2022-02-20 18:02:32,170 INFO L290 TraceCheckUtils]: 207: Hoare triple {35314#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {35314#false} is VALID [2022-02-20 18:02:32,170 INFO L290 TraceCheckUtils]: 208: Hoare triple {35314#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {35314#false} is VALID [2022-02-20 18:02:32,170 INFO L290 TraceCheckUtils]: 209: Hoare triple {35314#false} assume !false; {35314#false} is VALID [2022-02-20 18:02:32,170 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 99 trivial. 0 not checked. [2022-02-20 18:02:32,171 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:32,171 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [474819027] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:32,171 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:32,171 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [13] total 17 [2022-02-20 18:02:32,171 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [27476746] [2022-02-20 18:02:32,171 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:32,172 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 25.2) internal successors, (126), 6 states have internal predecessors, (126), 3 states have call successors, (33), 2 states have call predecessors, (33), 3 states have return successors, (28), 3 states have call predecessors, (28), 3 states have call successors, (28) Word has length 210 [2022-02-20 18:02:32,172 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:32,178 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 25.2) internal successors, (126), 6 states have internal predecessors, (126), 3 states have call successors, (33), 2 states have call predecessors, (33), 3 states have return successors, (28), 3 states have call predecessors, (28), 3 states have call successors, (28) [2022-02-20 18:02:32,254 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 187 edges. 187 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:32,254 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:02:32,255 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:32,255 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:02:32,255 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=238, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:32,256 INFO L87 Difference]: Start difference. First operand 690 states and 1007 transitions. Second operand has 6 states, 5 states have (on average 25.2) internal successors, (126), 6 states have internal predecessors, (126), 3 states have call successors, (33), 2 states have call predecessors, (33), 3 states have return successors, (28), 3 states have call predecessors, (28), 3 states have call successors, (28) [2022-02-20 18:02:33,853 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:33,853 INFO L93 Difference]: Finished difference Result 1324 states and 1949 transitions. [2022-02-20 18:02:33,853 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:02:33,853 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 25.2) internal successors, (126), 6 states have internal predecessors, (126), 3 states have call successors, (33), 2 states have call predecessors, (33), 3 states have return successors, (28), 3 states have call predecessors, (28), 3 states have call successors, (28) Word has length 210 [2022-02-20 18:02:33,854 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:33,854 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 25.2) internal successors, (126), 6 states have internal predecessors, (126), 3 states have call successors, (33), 2 states have call predecessors, (33), 3 states have return successors, (28), 3 states have call predecessors, (28), 3 states have call successors, (28) [2022-02-20 18:02:33,870 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1645 transitions. [2022-02-20 18:02:33,870 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 25.2) internal successors, (126), 6 states have internal predecessors, (126), 3 states have call successors, (33), 2 states have call predecessors, (33), 3 states have return successors, (28), 3 states have call predecessors, (28), 3 states have call successors, (28) [2022-02-20 18:02:33,891 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1645 transitions. [2022-02-20 18:02:33,891 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 1645 transitions. [2022-02-20 18:02:34,956 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1645 edges. 1645 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:34,979 INFO L225 Difference]: With dead ends: 1324 [2022-02-20 18:02:34,980 INFO L226 Difference]: Without dead ends: 692 [2022-02-20 18:02:34,982 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 273 GetRequests, 256 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=299, Unknown=0, NotChecked=0, Total=342 [2022-02-20 18:02:34,983 INFO L933 BasicCegarLoop]: 842 mSDtfsCounter, 361 mSDsluCounter, 2964 mSDsCounter, 0 mSdLazyCounter, 56 mSolverCounterSat, 47 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 361 SdHoareTripleChecker+Valid, 3806 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 47 IncrementalHoareTripleChecker+Valid, 56 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:34,984 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [361 Valid, 3806 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [47 Valid, 56 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:02:34,985 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 692 states. [2022-02-20 18:02:35,158 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 692 to 692. [2022-02-20 18:02:35,159 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:35,160 INFO L82 GeneralOperation]: Start isEquivalent. First operand 692 states. Second operand has 692 states, 526 states have (on average 1.461977186311787) internal successors, (769), 539 states have internal predecessors, (769), 119 states have call successors, (119), 44 states have call predecessors, (119), 46 states have return successors, (125), 117 states have call predecessors, (125), 118 states have call successors, (125) [2022-02-20 18:02:35,161 INFO L74 IsIncluded]: Start isIncluded. First operand 692 states. Second operand has 692 states, 526 states have (on average 1.461977186311787) internal successors, (769), 539 states have internal predecessors, (769), 119 states have call successors, (119), 44 states have call predecessors, (119), 46 states have return successors, (125), 117 states have call predecessors, (125), 118 states have call successors, (125) [2022-02-20 18:02:35,161 INFO L87 Difference]: Start difference. First operand 692 states. Second operand has 692 states, 526 states have (on average 1.461977186311787) internal successors, (769), 539 states have internal predecessors, (769), 119 states have call successors, (119), 44 states have call predecessors, (119), 46 states have return successors, (125), 117 states have call predecessors, (125), 118 states have call successors, (125) [2022-02-20 18:02:35,181 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:35,182 INFO L93 Difference]: Finished difference Result 692 states and 1013 transitions. [2022-02-20 18:02:35,182 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1013 transitions. [2022-02-20 18:02:35,183 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:35,183 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:35,184 INFO L74 IsIncluded]: Start isIncluded. First operand has 692 states, 526 states have (on average 1.461977186311787) internal successors, (769), 539 states have internal predecessors, (769), 119 states have call successors, (119), 44 states have call predecessors, (119), 46 states have return successors, (125), 117 states have call predecessors, (125), 118 states have call successors, (125) Second operand 692 states. [2022-02-20 18:02:35,185 INFO L87 Difference]: Start difference. First operand has 692 states, 526 states have (on average 1.461977186311787) internal successors, (769), 539 states have internal predecessors, (769), 119 states have call successors, (119), 44 states have call predecessors, (119), 46 states have return successors, (125), 117 states have call predecessors, (125), 118 states have call successors, (125) Second operand 692 states. [2022-02-20 18:02:35,212 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:35,212 INFO L93 Difference]: Finished difference Result 692 states and 1013 transitions. [2022-02-20 18:02:35,212 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1013 transitions. [2022-02-20 18:02:35,213 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:35,213 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:35,214 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:35,217 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:35,235 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 692 states, 526 states have (on average 1.461977186311787) internal successors, (769), 539 states have internal predecessors, (769), 119 states have call successors, (119), 44 states have call predecessors, (119), 46 states have return successors, (125), 117 states have call predecessors, (125), 118 states have call successors, (125) [2022-02-20 18:02:35,274 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 692 states to 692 states and 1013 transitions. [2022-02-20 18:02:35,287 INFO L78 Accepts]: Start accepts. Automaton has 692 states and 1013 transitions. Word has length 210 [2022-02-20 18:02:35,288 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:35,288 INFO L470 AbstractCegarLoop]: Abstraction has 692 states and 1013 transitions. [2022-02-20 18:02:35,288 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 25.2) internal successors, (126), 6 states have internal predecessors, (126), 3 states have call successors, (33), 2 states have call predecessors, (33), 3 states have return successors, (28), 3 states have call predecessors, (28), 3 states have call successors, (28) [2022-02-20 18:02:35,288 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1013 transitions. [2022-02-20 18:02:35,290 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 205 [2022-02-20 18:02:35,290 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:35,290 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:35,311 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:35,490 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:35,491 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:35,491 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:35,491 INFO L85 PathProgramCache]: Analyzing trace with hash 1323219734, now seen corresponding path program 1 times [2022-02-20 18:02:35,491 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:35,491 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1251514005] [2022-02-20 18:02:35,492 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:35,492 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:35,540 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,568 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:02:35,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,571 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,571 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,571 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {40242#true} {40242#true} #1741#return; {40242#true} is VALID [2022-02-20 18:02:35,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:02:35,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,574 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {40242#true} {40242#true} #1743#return; {40242#true} is VALID [2022-02-20 18:02:35,574 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:02:35,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,578 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {40242#true} {40242#true} #1745#return; {40242#true} is VALID [2022-02-20 18:02:35,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:35,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,580 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,580 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,581 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {40242#true} {40242#true} #1747#return; {40242#true} is VALID [2022-02-20 18:02:35,581 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:02:35,583 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,585 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,585 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,585 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {40242#true} {40242#true} #1749#return; {40242#true} is VALID [2022-02-20 18:02:35,585 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:02:35,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,587 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,587 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,588 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {40242#true} {40242#true} #1751#return; {40242#true} is VALID [2022-02-20 18:02:35,588 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:02:35,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,590 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,590 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,590 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {40242#true} {40242#true} #1753#return; {40242#true} is VALID [2022-02-20 18:02:35,590 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:35,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,593 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {40242#true} {40242#true} #1755#return; {40242#true} is VALID [2022-02-20 18:02:35,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:35,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:35,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,607 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40242#true} #1739#return; {40242#true} is VALID [2022-02-20 18:02:35,607 INFO L290 TraceCheckUtils]: 0: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {40242#true} is VALID [2022-02-20 18:02:35,608 INFO L272 TraceCheckUtils]: 1: Hoare triple {40242#true} call setClientId(~bob___0, ~bob___0); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 3: Hoare triple {40242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 4: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,608 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {40242#true} {40242#true} #1739#return; {40242#true} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 6: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,608 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {40242#true} {40242#true} #1757#return; {40242#true} is VALID [2022-02-20 18:02:35,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:02:35,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40242#true} #1759#return; {40242#true} is VALID [2022-02-20 18:02:35,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:02:35,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,622 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:35,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume !(1 == ~handle); {40242#true} is VALID [2022-02-20 18:02:35,624 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,625 INFO L290 TraceCheckUtils]: 3: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,625 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {40242#true} {40242#true} #1691#return; {40242#true} is VALID [2022-02-20 18:02:35,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {40242#true} is VALID [2022-02-20 18:02:35,626 INFO L272 TraceCheckUtils]: 1: Hoare triple {40242#true} call setClientId(~rjh___0, ~rjh___0); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,626 INFO L290 TraceCheckUtils]: 3: Hoare triple {40242#true} assume !(1 == ~handle); {40242#true} is VALID [2022-02-20 18:02:35,626 INFO L290 TraceCheckUtils]: 4: Hoare triple {40242#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,626 INFO L290 TraceCheckUtils]: 5: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,626 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {40242#true} {40242#true} #1691#return; {40242#true} is VALID [2022-02-20 18:02:35,626 INFO L290 TraceCheckUtils]: 7: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,626 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {40242#true} {40242#true} #1763#return; {40242#true} is VALID [2022-02-20 18:02:35,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:02:35,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume !(1 == ~handle); {40242#true} is VALID [2022-02-20 18:02:35,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,630 INFO L290 TraceCheckUtils]: 3: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,630 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {40242#true} {40242#true} #1765#return; {40242#true} is VALID [2022-02-20 18:02:35,630 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:02:35,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,643 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:35,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40366#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:35,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {40366#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {40367#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {40367#(= |setClientId_#in~handle| 1)} assume true; {40367#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40367#(= |setClientId_#in~handle| 1)} {40360#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1629#return; {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:02:35,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {40360#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 18:02:35,662 INFO L272 TraceCheckUtils]: 1: Hoare triple {40360#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,662 INFO L290 TraceCheckUtils]: 2: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40366#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:35,663 INFO L290 TraceCheckUtils]: 3: Hoare triple {40366#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {40367#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,663 INFO L290 TraceCheckUtils]: 4: Hoare triple {40367#(= |setClientId_#in~handle| 1)} assume true; {40367#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,664 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {40367#(= |setClientId_#in~handle| 1)} {40360#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1629#return; {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:02:35,664 INFO L290 TraceCheckUtils]: 6: Hoare triple {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:02:35,664 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {40295#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} #1769#return; {40243#false} is VALID [2022-02-20 18:02:35,664 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:02:35,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1771#return; {40243#false} is VALID [2022-02-20 18:02:35,677 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:02:35,678 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {40368#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,679 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1651#return; {40243#false} is VALID [2022-02-20 18:02:35,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 18:02:35,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {40369#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,689 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1653#return; {40243#false} is VALID [2022-02-20 18:02:35,689 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 146 [2022-02-20 18:02:35,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~32; {40242#true} is VALID [2022-02-20 18:02:35,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {40242#true} is VALID [2022-02-20 18:02:35,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,695 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1617#return; {40243#false} is VALID [2022-02-20 18:02:35,695 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 152 [2022-02-20 18:02:35,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {40242#true} is VALID [2022-02-20 18:02:35,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle; {40242#true} is VALID [2022-02-20 18:02:35,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {40242#true} is VALID [2022-02-20 18:02:35,697 INFO L290 TraceCheckUtils]: 3: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,697 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {40242#true} {40243#false} #1619#return; {40243#false} is VALID [2022-02-20 18:02:35,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 164 [2022-02-20 18:02:35,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {40368#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,699 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1663#return; {40243#false} is VALID [2022-02-20 18:02:35,699 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 170 [2022-02-20 18:02:35,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~35; {40242#true} is VALID [2022-02-20 18:02:35,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {40242#true} is VALID [2022-02-20 18:02:35,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,701 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1665#return; {40243#false} is VALID [2022-02-20 18:02:35,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 177 [2022-02-20 18:02:35,702 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~32; {40242#true} is VALID [2022-02-20 18:02:35,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {40242#true} is VALID [2022-02-20 18:02:35,703 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,703 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1667#return; {40243#false} is VALID [2022-02-20 18:02:35,703 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 184 [2022-02-20 18:02:35,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~19; {40242#true} is VALID [2022-02-20 18:02:35,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {40242#true} is VALID [2022-02-20 18:02:35,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1669#return; {40243#false} is VALID [2022-02-20 18:02:35,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 190 [2022-02-20 18:02:35,706 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,707 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~36; {40242#true} is VALID [2022-02-20 18:02:35,707 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {40242#true} is VALID [2022-02-20 18:02:35,708 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,708 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1671#return; {40243#false} is VALID [2022-02-20 18:02:35,708 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 196 [2022-02-20 18:02:35,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {40242#true} is VALID [2022-02-20 18:02:35,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {40242#true} is VALID [2022-02-20 18:02:35,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,710 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {40242#true} {40243#false} #1673#return; {40243#false} is VALID [2022-02-20 18:02:35,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {40242#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(19, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(19, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(21, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(25, 19);call #Ultimate.allocInit(10, 20);call #Ultimate.allocInit(12, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(18, 23);call #Ultimate.allocInit(16, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(115, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(34, 39);call #Ultimate.allocInit(30, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(20, 42);call #Ultimate.allocInit(22, 43);call #Ultimate.allocInit(21, 44);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~sent_encrypted~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {40242#true} is VALID [2022-02-20 18:02:35,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {40242#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret88#1, main_~retValue_acc~28#1, main_~tmp~14#1;havoc main_~retValue_acc~28#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {40242#true} is VALID [2022-02-20 18:02:35,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {40242#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret58#1, select_features_#t~ret59#1, select_features_#t~ret60#1, select_features_#t~ret61#1, select_features_#t~ret62#1, select_features_#t~ret63#1, select_features_#t~ret64#1, select_features_#t~ret65#1; {40242#true} is VALID [2022-02-20 18:02:35,710 INFO L272 TraceCheckUtils]: 3: Hoare triple {40242#true} call select_features_#t~ret58#1 := select_one(); {40242#true} is VALID [2022-02-20 18:02:35,710 INFO L290 TraceCheckUtils]: 4: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,710 INFO L290 TraceCheckUtils]: 5: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {40242#true} {40242#true} #1741#return; {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L290 TraceCheckUtils]: 7: Hoare triple {40242#true} assume -2147483648 <= select_features_#t~ret58#1 && select_features_#t~ret58#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret58#1;havoc select_features_#t~ret58#1; {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L272 TraceCheckUtils]: 8: Hoare triple {40242#true} call select_features_#t~ret59#1 := select_one(); {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L290 TraceCheckUtils]: 9: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L290 TraceCheckUtils]: 10: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {40242#true} {40242#true} #1743#return; {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L290 TraceCheckUtils]: 12: Hoare triple {40242#true} assume -2147483648 <= select_features_#t~ret59#1 && select_features_#t~ret59#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret59#1;havoc select_features_#t~ret59#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L272 TraceCheckUtils]: 13: Hoare triple {40242#true} call select_features_#t~ret60#1 := select_one(); {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L290 TraceCheckUtils]: 14: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,711 INFO L290 TraceCheckUtils]: 15: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {40242#true} {40242#true} #1745#return; {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L290 TraceCheckUtils]: 17: Hoare triple {40242#true} assume -2147483648 <= select_features_#t~ret60#1 && select_features_#t~ret60#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret60#1;havoc select_features_#t~ret60#1; {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L272 TraceCheckUtils]: 18: Hoare triple {40242#true} call select_features_#t~ret61#1 := select_one(); {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L290 TraceCheckUtils]: 19: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L290 TraceCheckUtils]: 20: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {40242#true} {40242#true} #1747#return; {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L290 TraceCheckUtils]: 22: Hoare triple {40242#true} assume -2147483648 <= select_features_#t~ret61#1 && select_features_#t~ret61#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret61#1;havoc select_features_#t~ret61#1; {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L272 TraceCheckUtils]: 23: Hoare triple {40242#true} call select_features_#t~ret62#1 := select_one(); {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L290 TraceCheckUtils]: 24: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,712 INFO L290 TraceCheckUtils]: 25: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {40242#true} {40242#true} #1749#return; {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L290 TraceCheckUtils]: 27: Hoare triple {40242#true} assume -2147483648 <= select_features_#t~ret62#1 && select_features_#t~ret62#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret62#1;havoc select_features_#t~ret62#1; {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L272 TraceCheckUtils]: 28: Hoare triple {40242#true} call select_features_#t~ret63#1 := select_one(); {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L290 TraceCheckUtils]: 29: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L290 TraceCheckUtils]: 30: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {40242#true} {40242#true} #1751#return; {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L290 TraceCheckUtils]: 32: Hoare triple {40242#true} assume -2147483648 <= select_features_#t~ret63#1 && select_features_#t~ret63#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret63#1;havoc select_features_#t~ret63#1; {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L272 TraceCheckUtils]: 33: Hoare triple {40242#true} call select_features_#t~ret64#1 := select_one(); {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L290 TraceCheckUtils]: 34: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,713 INFO L290 TraceCheckUtils]: 35: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {40242#true} {40242#true} #1753#return; {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L290 TraceCheckUtils]: 37: Hoare triple {40242#true} assume -2147483648 <= select_features_#t~ret64#1 && select_features_#t~ret64#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret64#1;havoc select_features_#t~ret64#1; {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L272 TraceCheckUtils]: 38: Hoare triple {40242#true} call select_features_#t~ret65#1 := select_one(); {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L290 TraceCheckUtils]: 39: Hoare triple {40242#true} havoc ~retValue_acc~8;assume -2147483648 <= #t~nondet57 && #t~nondet57 <= 2147483647;~choice~0 := #t~nondet57;havoc #t~nondet57;~retValue_acc~8 := ~choice~0;#res := ~retValue_acc~8; {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L290 TraceCheckUtils]: 40: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {40242#true} {40242#true} #1755#return; {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L290 TraceCheckUtils]: 42: Hoare triple {40242#true} assume -2147483648 <= select_features_#t~ret65#1 && select_features_#t~ret65#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret65#1;havoc select_features_#t~ret65#1; {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L290 TraceCheckUtils]: 43: Hoare triple {40242#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~9#1, valid_product_~tmp~9#1;havoc valid_product_~retValue_acc~9#1;havoc valid_product_~tmp~9#1; {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L290 TraceCheckUtils]: 44: Hoare triple {40242#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {40242#true} is VALID [2022-02-20 18:02:35,714 INFO L290 TraceCheckUtils]: 45: Hoare triple {40242#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 46: Hoare triple {40242#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 47: Hoare triple {40242#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 48: Hoare triple {40242#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 49: Hoare triple {40242#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 50: Hoare triple {40242#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 51: Hoare triple {40242#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 52: Hoare triple {40242#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 53: Hoare triple {40242#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~9#1 := 1; {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 54: Hoare triple {40242#true} valid_product_~retValue_acc~9#1 := valid_product_~tmp~9#1;valid_product_#res#1 := valid_product_~retValue_acc~9#1; {40242#true} is VALID [2022-02-20 18:02:35,715 INFO L290 TraceCheckUtils]: 55: Hoare triple {40242#true} main_#t~ret88#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret88#1 && main_#t~ret88#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret88#1;havoc main_#t~ret88#1; {40242#true} is VALID [2022-02-20 18:02:35,716 INFO L290 TraceCheckUtils]: 56: Hoare triple {40242#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet85#1, setup_#t~nondet86#1, setup_#t~nondet87#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {40242#true} is VALID [2022-02-20 18:02:35,716 INFO L290 TraceCheckUtils]: 57: Hoare triple {40242#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {40242#true} is VALID [2022-02-20 18:02:35,716 INFO L272 TraceCheckUtils]: 58: Hoare triple {40242#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,716 INFO L290 TraceCheckUtils]: 59: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {40242#true} is VALID [2022-02-20 18:02:35,717 INFO L272 TraceCheckUtils]: 60: Hoare triple {40242#true} call setClientId(~bob___0, ~bob___0); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,717 INFO L290 TraceCheckUtils]: 61: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,717 INFO L290 TraceCheckUtils]: 62: Hoare triple {40242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,717 INFO L290 TraceCheckUtils]: 63: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,717 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {40242#true} {40242#true} #1739#return; {40242#true} is VALID [2022-02-20 18:02:35,717 INFO L290 TraceCheckUtils]: 65: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,717 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {40242#true} {40242#true} #1757#return; {40242#true} is VALID [2022-02-20 18:02:35,718 INFO L272 TraceCheckUtils]: 67: Hoare triple {40242#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,718 INFO L290 TraceCheckUtils]: 68: Hoare triple {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,718 INFO L290 TraceCheckUtils]: 69: Hoare triple {40242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,718 INFO L290 TraceCheckUtils]: 70: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,718 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {40242#true} {40242#true} #1759#return; {40242#true} is VALID [2022-02-20 18:02:35,718 INFO L290 TraceCheckUtils]: 72: Hoare triple {40242#true} assume { :end_inline_setup_bob__role__Keys } true; {40242#true} is VALID [2022-02-20 18:02:35,719 INFO L290 TraceCheckUtils]: 73: Hoare triple {40242#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet85#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {40242#true} is VALID [2022-02-20 18:02:35,719 INFO L290 TraceCheckUtils]: 74: Hoare triple {40242#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {40242#true} is VALID [2022-02-20 18:02:35,719 INFO L272 TraceCheckUtils]: 75: Hoare triple {40242#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,719 INFO L290 TraceCheckUtils]: 76: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {40242#true} is VALID [2022-02-20 18:02:35,720 INFO L272 TraceCheckUtils]: 77: Hoare triple {40242#true} call setClientId(~rjh___0, ~rjh___0); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,720 INFO L290 TraceCheckUtils]: 78: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,720 INFO L290 TraceCheckUtils]: 79: Hoare triple {40242#true} assume !(1 == ~handle); {40242#true} is VALID [2022-02-20 18:02:35,720 INFO L290 TraceCheckUtils]: 80: Hoare triple {40242#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,720 INFO L290 TraceCheckUtils]: 81: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,720 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {40242#true} {40242#true} #1691#return; {40242#true} is VALID [2022-02-20 18:02:35,720 INFO L290 TraceCheckUtils]: 83: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,721 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {40242#true} {40242#true} #1763#return; {40242#true} is VALID [2022-02-20 18:02:35,721 INFO L272 TraceCheckUtils]: 85: Hoare triple {40242#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,721 INFO L290 TraceCheckUtils]: 86: Hoare triple {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,721 INFO L290 TraceCheckUtils]: 87: Hoare triple {40242#true} assume !(1 == ~handle); {40242#true} is VALID [2022-02-20 18:02:35,721 INFO L290 TraceCheckUtils]: 88: Hoare triple {40242#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,721 INFO L290 TraceCheckUtils]: 89: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,722 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {40242#true} {40242#true} #1765#return; {40242#true} is VALID [2022-02-20 18:02:35,722 INFO L290 TraceCheckUtils]: 91: Hoare triple {40242#true} assume { :end_inline_setup_rjh__role__Keys } true; {40242#true} is VALID [2022-02-20 18:02:35,722 INFO L290 TraceCheckUtils]: 92: Hoare triple {40242#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 33, 0;havoc setup_#t~nondet86#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {40294#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 18:02:35,722 INFO L290 TraceCheckUtils]: 93: Hoare triple {40294#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {40295#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} is VALID [2022-02-20 18:02:35,723 INFO L272 TraceCheckUtils]: 94: Hoare triple {40295#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,723 INFO L290 TraceCheckUtils]: 95: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {40360#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 18:02:35,724 INFO L272 TraceCheckUtils]: 96: Hoare triple {40360#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,724 INFO L290 TraceCheckUtils]: 97: Hoare triple {40349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {40366#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:35,724 INFO L290 TraceCheckUtils]: 98: Hoare triple {40366#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {40367#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,725 INFO L290 TraceCheckUtils]: 99: Hoare triple {40367#(= |setClientId_#in~handle| 1)} assume true; {40367#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,725 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {40367#(= |setClientId_#in~handle| 1)} {40360#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1629#return; {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:02:35,725 INFO L290 TraceCheckUtils]: 101: Hoare triple {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:02:35,726 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {40365#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {40295#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} #1769#return; {40243#false} is VALID [2022-02-20 18:02:35,726 INFO L272 TraceCheckUtils]: 103: Hoare triple {40243#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,726 INFO L290 TraceCheckUtils]: 104: Hoare triple {40354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,726 INFO L290 TraceCheckUtils]: 105: Hoare triple {40242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,726 INFO L290 TraceCheckUtils]: 106: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,726 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {40242#true} {40243#false} #1771#return; {40243#false} is VALID [2022-02-20 18:02:35,726 INFO L290 TraceCheckUtils]: 108: Hoare triple {40243#false} assume { :end_inline_setup_chuck__role__Keys } true; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 109: Hoare triple {40243#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 34, 0;havoc setup_#t~nondet87#1; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 110: Hoare triple {40243#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 111: Hoare triple {40243#false} assume !false; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 112: Hoare triple {40243#false} assume test_~splverifierCounter~0#1 < 4; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 113: Hoare triple {40243#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 114: Hoare triple {40243#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 115: Hoare triple {40243#false} assume !(0 != test_~tmp___9~0#1); {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 116: Hoare triple {40243#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 117: Hoare triple {40243#false} assume 0 != test_~tmp___8~0#1; {40243#false} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 118: Hoare triple {40243#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {40243#false} is VALID [2022-02-20 18:02:35,728 INFO L290 TraceCheckUtils]: 119: Hoare triple {40243#false} test_~op2~0#1 := 1; {40243#false} is VALID [2022-02-20 18:02:35,728 INFO L290 TraceCheckUtils]: 120: Hoare triple {40243#false} assume !false; {40243#false} is VALID [2022-02-20 18:02:35,728 INFO L290 TraceCheckUtils]: 121: Hoare triple {40243#false} assume !(test_~splverifierCounter~0#1 < 4); {40243#false} is VALID [2022-02-20 18:02:35,728 INFO L290 TraceCheckUtils]: 122: Hoare triple {40243#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_#t~ret82#1, bobToRjh_#t~ret83#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret80#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret80#1 && bobToRjh_#t~ret80#1 <= 2147483647;havoc bobToRjh_#t~ret80#1; {40243#false} is VALID [2022-02-20 18:02:35,728 INFO L272 TraceCheckUtils]: 123: Hoare triple {40243#false} call sendEmail(~bob~0, ~rjh~0); {40243#false} is VALID [2022-02-20 18:02:35,728 INFO L290 TraceCheckUtils]: 124: Hoare triple {40243#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~24#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~7#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~7#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {40243#false} is VALID [2022-02-20 18:02:35,728 INFO L272 TraceCheckUtils]: 125: Hoare triple {40243#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {40368#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:35,728 INFO L290 TraceCheckUtils]: 126: Hoare triple {40368#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,728 INFO L290 TraceCheckUtils]: 127: Hoare triple {40242#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,728 INFO L290 TraceCheckUtils]: 128: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,729 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {40242#true} {40243#false} #1651#return; {40243#false} is VALID [2022-02-20 18:02:35,729 INFO L272 TraceCheckUtils]: 130: Hoare triple {40243#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {40369#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:35,729 INFO L290 TraceCheckUtils]: 131: Hoare triple {40369#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,729 INFO L290 TraceCheckUtils]: 132: Hoare triple {40242#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,729 INFO L290 TraceCheckUtils]: 133: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,729 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {40242#true} {40243#false} #1653#return; {40243#false} is VALID [2022-02-20 18:02:35,729 INFO L290 TraceCheckUtils]: 135: Hoare triple {40243#false} createEmail_~retValue_acc~7#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~7#1; {40243#false} is VALID [2022-02-20 18:02:35,729 INFO L290 TraceCheckUtils]: 136: Hoare triple {40243#false} #t~ret119#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret119#1 && #t~ret119#1 <= 2147483647;~tmp~24#1 := #t~ret119#1;havoc #t~ret119#1;~email~0#1 := ~tmp~24#1; {40243#false} is VALID [2022-02-20 18:02:35,729 INFO L272 TraceCheckUtils]: 137: Hoare triple {40243#false} call outgoing(~sender#1, ~email~0#1); {40243#false} is VALID [2022-02-20 18:02:35,729 INFO L290 TraceCheckUtils]: 138: Hoare triple {40243#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {40243#false} is VALID [2022-02-20 18:02:35,730 INFO L290 TraceCheckUtils]: 139: Hoare triple {40243#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {40243#false} is VALID [2022-02-20 18:02:35,730 INFO L272 TraceCheckUtils]: 140: Hoare triple {40243#false} call outgoing__before__Sign(~client#1, ~msg#1); {40243#false} is VALID [2022-02-20 18:02:35,730 INFO L290 TraceCheckUtils]: 141: Hoare triple {40243#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {40243#false} is VALID [2022-02-20 18:02:35,730 INFO L290 TraceCheckUtils]: 142: Hoare triple {40243#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {40243#false} is VALID [2022-02-20 18:02:35,730 INFO L272 TraceCheckUtils]: 143: Hoare triple {40243#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {40243#false} is VALID [2022-02-20 18:02:35,730 INFO L290 TraceCheckUtils]: 144: Hoare triple {40243#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {40243#false} is VALID [2022-02-20 18:02:35,730 INFO L290 TraceCheckUtils]: 145: Hoare triple {40243#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret103#1, outgoing__role__Encrypt_#t~ret104#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~18#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~7#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~18#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~7#1; {40243#false} is VALID [2022-02-20 18:02:35,730 INFO L272 TraceCheckUtils]: 146: Hoare triple {40243#false} call outgoing__role__Encrypt_#t~ret103#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {40242#true} is VALID [2022-02-20 18:02:35,730 INFO L290 TraceCheckUtils]: 147: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~32; {40242#true} is VALID [2022-02-20 18:02:35,730 INFO L290 TraceCheckUtils]: 148: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {40242#true} is VALID [2022-02-20 18:02:35,731 INFO L290 TraceCheckUtils]: 149: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,731 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {40242#true} {40243#false} #1617#return; {40243#false} is VALID [2022-02-20 18:02:35,731 INFO L290 TraceCheckUtils]: 151: Hoare triple {40243#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret103#1 && outgoing__role__Encrypt_#t~ret103#1 <= 2147483647;outgoing__role__Encrypt_~tmp~18#1 := outgoing__role__Encrypt_#t~ret103#1;havoc outgoing__role__Encrypt_#t~ret103#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~18#1; {40243#false} is VALID [2022-02-20 18:02:35,731 INFO L272 TraceCheckUtils]: 152: Hoare triple {40243#false} call outgoing__role__Encrypt_#t~ret104#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {40242#true} is VALID [2022-02-20 18:02:35,731 INFO L290 TraceCheckUtils]: 153: Hoare triple {40242#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~24; {40242#true} is VALID [2022-02-20 18:02:35,731 INFO L290 TraceCheckUtils]: 154: Hoare triple {40242#true} assume 1 == ~handle; {40242#true} is VALID [2022-02-20 18:02:35,731 INFO L290 TraceCheckUtils]: 155: Hoare triple {40242#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~24 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~24; {40242#true} is VALID [2022-02-20 18:02:35,731 INFO L290 TraceCheckUtils]: 156: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,731 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {40242#true} {40243#false} #1619#return; {40243#false} is VALID [2022-02-20 18:02:35,731 INFO L290 TraceCheckUtils]: 158: Hoare triple {40243#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret104#1 && outgoing__role__Encrypt_#t~ret104#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~7#1 := outgoing__role__Encrypt_#t~ret104#1;havoc outgoing__role__Encrypt_#t~ret104#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~7#1; {40243#false} is VALID [2022-02-20 18:02:35,732 INFO L290 TraceCheckUtils]: 159: Hoare triple {40243#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {40243#false} is VALID [2022-02-20 18:02:35,732 INFO L272 TraceCheckUtils]: 160: Hoare triple {40243#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {40243#false} is VALID [2022-02-20 18:02:35,732 INFO L290 TraceCheckUtils]: 161: Hoare triple {40243#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~17#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~26#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~26#1; {40243#false} is VALID [2022-02-20 18:02:35,732 INFO L290 TraceCheckUtils]: 162: Hoare triple {40243#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~26#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~26#1; {40243#false} is VALID [2022-02-20 18:02:35,732 INFO L290 TraceCheckUtils]: 163: Hoare triple {40243#false} #t~ret102#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret102#1 && #t~ret102#1 <= 2147483647;~tmp~17#1 := #t~ret102#1;havoc #t~ret102#1; {40243#false} is VALID [2022-02-20 18:02:35,732 INFO L272 TraceCheckUtils]: 164: Hoare triple {40243#false} call setEmailFrom(~msg#1, ~tmp~17#1); {40368#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:35,732 INFO L290 TraceCheckUtils]: 165: Hoare triple {40368#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {40242#true} is VALID [2022-02-20 18:02:35,732 INFO L290 TraceCheckUtils]: 166: Hoare triple {40242#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {40242#true} is VALID [2022-02-20 18:02:35,732 INFO L290 TraceCheckUtils]: 167: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,732 INFO L284 TraceCheckUtils]: 168: Hoare quadruple {40242#true} {40243#false} #1663#return; {40243#false} is VALID [2022-02-20 18:02:35,733 INFO L290 TraceCheckUtils]: 169: Hoare triple {40243#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret100#1, mail_#t~ret101#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~16#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~16#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret4#1; {40243#false} is VALID [2022-02-20 18:02:35,733 INFO L272 TraceCheckUtils]: 170: Hoare triple {40243#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {40242#true} is VALID [2022-02-20 18:02:35,733 INFO L290 TraceCheckUtils]: 171: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~35; {40242#true} is VALID [2022-02-20 18:02:35,733 INFO L290 TraceCheckUtils]: 172: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {40242#true} is VALID [2022-02-20 18:02:35,733 INFO L290 TraceCheckUtils]: 173: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,733 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {40242#true} {40243#false} #1665#return; {40243#false} is VALID [2022-02-20 18:02:35,733 INFO L290 TraceCheckUtils]: 175: Hoare triple {40243#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret5#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet6#1; {40243#false} is VALID [2022-02-20 18:02:35,733 INFO L290 TraceCheckUtils]: 176: Hoare triple {40243#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret100#1 := puts(38, 0);assume -2147483648 <= mail_#t~ret100#1 && mail_#t~ret100#1 <= 2147483647;havoc mail_#t~ret100#1; {40243#false} is VALID [2022-02-20 18:02:35,733 INFO L272 TraceCheckUtils]: 177: Hoare triple {40243#false} call mail_#t~ret101#1 := getEmailTo(mail_~msg#1); {40242#true} is VALID [2022-02-20 18:02:35,733 INFO L290 TraceCheckUtils]: 178: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~32; {40242#true} is VALID [2022-02-20 18:02:35,734 INFO L290 TraceCheckUtils]: 179: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {40242#true} is VALID [2022-02-20 18:02:35,734 INFO L290 TraceCheckUtils]: 180: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,734 INFO L284 TraceCheckUtils]: 181: Hoare quadruple {40242#true} {40243#false} #1667#return; {40243#false} is VALID [2022-02-20 18:02:35,734 INFO L290 TraceCheckUtils]: 182: Hoare triple {40243#false} assume -2147483648 <= mail_#t~ret101#1 && mail_#t~ret101#1 <= 2147483647;mail_~tmp~16#1 := mail_#t~ret101#1;havoc mail_#t~ret101#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~16#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret7#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 7, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet8#1; {40243#false} is VALID [2022-02-20 18:02:35,734 INFO L290 TraceCheckUtils]: 183: Hoare triple {40243#false} assume 1 == ~sent_encrypted~0; {40243#false} is VALID [2022-02-20 18:02:35,734 INFO L272 TraceCheckUtils]: 184: Hoare triple {40243#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {40242#true} is VALID [2022-02-20 18:02:35,734 INFO L290 TraceCheckUtils]: 185: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~19; {40242#true} is VALID [2022-02-20 18:02:35,734 INFO L290 TraceCheckUtils]: 186: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~19 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~19; {40242#true} is VALID [2022-02-20 18:02:35,734 INFO L290 TraceCheckUtils]: 187: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,735 INFO L284 TraceCheckUtils]: 188: Hoare quadruple {40242#true} {40243#false} #1669#return; {40243#false} is VALID [2022-02-20 18:02:35,735 INFO L290 TraceCheckUtils]: 189: Hoare triple {40243#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret9#1; {40243#false} is VALID [2022-02-20 18:02:35,735 INFO L272 TraceCheckUtils]: 190: Hoare triple {40243#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {40242#true} is VALID [2022-02-20 18:02:35,735 INFO L290 TraceCheckUtils]: 191: Hoare triple {40242#true} ~handle := #in~handle;havoc ~retValue_acc~36; {40242#true} is VALID [2022-02-20 18:02:35,735 INFO L290 TraceCheckUtils]: 192: Hoare triple {40242#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {40242#true} is VALID [2022-02-20 18:02:35,735 INFO L290 TraceCheckUtils]: 193: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,735 INFO L284 TraceCheckUtils]: 194: Hoare quadruple {40242#true} {40243#false} #1671#return; {40243#false} is VALID [2022-02-20 18:02:35,735 INFO L290 TraceCheckUtils]: 195: Hoare triple {40243#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret10#1; {40243#false} is VALID [2022-02-20 18:02:35,735 INFO L272 TraceCheckUtils]: 196: Hoare triple {40243#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~0#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~0#1); {40242#true} is VALID [2022-02-20 18:02:35,735 INFO L290 TraceCheckUtils]: 197: Hoare triple {40242#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~44;havoc ~__cil_tmp4~6.base, ~__cil_tmp4~6.offset;~__cil_tmp4~6.base, ~__cil_tmp4~6.offset := 42, 0;havoc #t~nondet120; {40242#true} is VALID [2022-02-20 18:02:35,736 INFO L290 TraceCheckUtils]: 198: Hoare triple {40242#true} assume 0 == ~publicKey;~retValue_acc~44 := 0;#res := ~retValue_acc~44; {40242#true} is VALID [2022-02-20 18:02:35,736 INFO L290 TraceCheckUtils]: 199: Hoare triple {40242#true} assume true; {40242#true} is VALID [2022-02-20 18:02:35,736 INFO L284 TraceCheckUtils]: 200: Hoare quadruple {40242#true} {40243#false} #1673#return; {40243#false} is VALID [2022-02-20 18:02:35,736 INFO L290 TraceCheckUtils]: 201: Hoare triple {40243#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret11#1; {40243#false} is VALID [2022-02-20 18:02:35,736 INFO L290 TraceCheckUtils]: 202: Hoare triple {40243#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~0#1);assume { :begin_inline___automaton_fail } true; {40243#false} is VALID [2022-02-20 18:02:35,736 INFO L290 TraceCheckUtils]: 203: Hoare triple {40243#false} assume !false; {40243#false} is VALID [2022-02-20 18:02:35,736 INFO L134 CoverageAnalysis]: Checked inductivity of 118 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:02:35,737 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:35,737 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1251514005] [2022-02-20 18:02:35,737 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1251514005] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:35,737 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:35,737 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:35,737 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [19336625] [2022-02-20 18:02:35,737 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:35,738 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 10 states have (on average 11.7) internal successors, (117), 8 states have internal predecessors, (117), 4 states have call successors, (32), 6 states have call predecessors, (32), 3 states have return successors, (27), 3 states have call predecessors, (27), 4 states have call successors, (27) Word has length 204 [2022-02-20 18:02:35,738 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:35,739 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 10 states have (on average 11.7) internal successors, (117), 8 states have internal predecessors, (117), 4 states have call successors, (32), 6 states have call predecessors, (32), 3 states have return successors, (27), 3 states have call predecessors, (27), 4 states have call successors, (27) [2022-02-20 18:02:35,910 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 176 edges. 176 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:35,911 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:35,911 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:35,911 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:02:35,911 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:35,912 INFO L87 Difference]: Start difference. First operand 692 states and 1013 transitions. Second operand has 12 states, 10 states have (on average 11.7) internal successors, (117), 8 states have internal predecessors, (117), 4 states have call successors, (32), 6 states have call predecessors, (32), 3 states have return successors, (27), 3 states have call predecessors, (27), 4 states have call successors, (27)