./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1d8908adfa5a1758f016a2fa64af2c05db2b3cc5d1fb9ac5b8aa70e5689b8434 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:02:49,961 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:02:49,963 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:02:49,988 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:02:49,989 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:02:49,992 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:02:49,993 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:02:49,995 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:02:49,996 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:02:49,997 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:02:49,997 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:02:49,998 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:02:49,998 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:02:49,999 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:02:50,000 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:02:50,000 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:02:50,001 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:02:50,001 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:02:50,002 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:02:50,004 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:02:50,005 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:02:50,005 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:02:50,006 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:02:50,007 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:02:50,008 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:02:50,009 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:02:50,009 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:02:50,010 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:02:50,010 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:02:50,011 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:02:50,011 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:02:50,011 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:02:50,012 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:02:50,012 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:02:50,013 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:02:50,013 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:02:50,014 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:02:50,014 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:02:50,015 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:02:50,015 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:02:50,016 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:02:50,017 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:02:50,033 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:02:50,038 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:02:50,038 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:02:50,038 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:02:50,039 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:02:50,039 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:02:50,040 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:02:50,040 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:02:50,040 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:02:50,040 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:02:50,040 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:02:50,041 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:02:50,041 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:02:50,041 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:02:50,042 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:02:50,042 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:02:50,042 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:02:50,042 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:02:50,042 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:02:50,042 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:02:50,042 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:02:50,043 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:02:50,043 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:02:50,043 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:02:50,043 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:02:50,043 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:02:50,043 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:02:50,044 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:02:50,044 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:02:50,044 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:02:50,044 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:02:50,044 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:02:50,044 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:02:50,045 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1d8908adfa5a1758f016a2fa64af2c05db2b3cc5d1fb9ac5b8aa70e5689b8434 [2022-02-20 18:02:50,218 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:02:50,237 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:02:50,239 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:02:50,239 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:02:50,250 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:02:50,252 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c [2022-02-20 18:02:50,303 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9312e9042/ae9aa1d0243242319e8117301dd83fc2/FLAG43a988312 [2022-02-20 18:02:50,747 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:02:50,748 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c [2022-02-20 18:02:50,778 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9312e9042/ae9aa1d0243242319e8117301dd83fc2/FLAG43a988312 [2022-02-20 18:02:51,107 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9312e9042/ae9aa1d0243242319e8117301dd83fc2 [2022-02-20 18:02:51,109 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:02:51,112 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:02:51,114 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:02:51,115 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:02:51,117 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:02:51,118 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,118 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@17a675a6 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51, skipping insertion in model container [2022-02-20 18:02:51,118 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,123 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:02:51,185 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:02:51,652 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c[72622,72635] [2022-02-20 18:02:51,654 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:02:51,664 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:02:51,781 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_productSimulator.cil.c[72622,72635] [2022-02-20 18:02:51,783 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:02:51,820 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:02:51,820 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51 WrapperNode [2022-02-20 18:02:51,820 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:02:51,821 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:02:51,821 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:02:51,821 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:02:51,826 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,851 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,904 INFO L137 Inliner]: procedures = 151, calls = 280, calls flagged for inlining = 67, calls inlined = 64, statements flattened = 1299 [2022-02-20 18:02:51,905 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:02:51,906 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:02:51,906 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:02:51,906 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:02:51,912 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,912 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,930 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,930 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,967 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,975 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,979 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:51,986 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:02:51,986 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:02:51,986 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:02:51,987 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:02:51,987 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (1/1) ... [2022-02-20 18:02:52,005 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:02:52,013 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:52,056 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:02:52,060 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:02:52,087 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:02:52,087 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:02:52,087 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 18:02:52,087 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 18:02:52,087 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 18:02:52,087 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 18:02:52,087 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:02:52,088 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:02:52,089 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:02:52,089 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:02:52,089 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:02:52,089 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:02:52,089 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:02:52,089 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:02:52,089 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 18:02:52,090 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 18:02:52,090 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:02:52,090 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:02:52,090 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 18:02:52,090 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 18:02:52,090 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:02:52,090 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:02:52,090 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:02:52,091 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:02:52,091 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:02:52,091 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:02:52,091 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 18:02:52,091 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 18:02:52,091 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 18:02:52,091 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 18:02:52,091 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:02:52,091 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:02:52,092 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:02:52,092 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:02:52,092 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:02:52,092 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:02:52,092 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:02:52,092 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 18:02:52,092 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 18:02:52,093 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:02:52,093 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:02:52,093 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 18:02:52,093 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:02:52,093 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:02:52,093 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:02:52,093 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 18:02:52,094 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 18:02:52,094 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:02:52,094 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:02:52,094 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:02:52,094 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:02:52,094 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:02:52,094 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 18:02:52,095 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 18:02:52,095 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 18:02:52,096 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 18:02:52,096 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 18:02:52,096 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 18:02:52,097 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:02:52,097 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:02:52,097 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:02:52,097 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:02:52,098 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:02:52,098 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:02:52,098 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:02:52,098 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:02:52,098 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:02:52,098 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:02:52,098 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:02:52,098 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:02:52,099 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:02:52,099 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:02:52,099 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 18:02:52,099 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 18:02:52,100 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 18:02:52,100 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 18:02:52,100 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:02:52,100 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:02:52,100 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:02:52,100 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:02:52,100 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:02:52,100 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:02:52,100 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:02:52,101 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 18:02:52,101 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 18:02:52,101 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 18:02:52,101 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 18:02:52,101 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:02:52,101 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:02:52,101 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:02:52,101 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:02:52,316 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:02:52,318 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:02:53,084 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:02:53,093 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:02:53,094 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:02:53,095 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:02:53 BoogieIcfgContainer [2022-02-20 18:02:53,096 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:02:53,097 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:02:53,097 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:02:53,099 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:02:53,099 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:02:51" (1/3) ... [2022-02-20 18:02:53,100 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@21358609 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:02:53, skipping insertion in model container [2022-02-20 18:02:53,100 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:51" (2/3) ... [2022-02-20 18:02:53,100 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@21358609 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:02:53, skipping insertion in model container [2022-02-20 18:02:53,100 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:02:53" (3/3) ... [2022-02-20 18:02:53,101 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec7_productSimulator.cil.c [2022-02-20 18:02:53,104 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:02:53,105 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:02:53,136 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:02:53,140 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:02:53,140 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:02:53,166 INFO L276 IsEmpty]: Start isEmpty. Operand has 600 states, 446 states have (on average 1.515695067264574) internal successors, (676), 466 states have internal predecessors, (676), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:02:53,181 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 142 [2022-02-20 18:02:53,181 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:53,182 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:53,182 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:53,186 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:53,186 INFO L85 PathProgramCache]: Analyzing trace with hash -78162442, now seen corresponding path program 1 times [2022-02-20 18:02:53,192 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:53,193 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1853343488] [2022-02-20 18:02:53,193 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:53,194 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:53,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:02:53,406 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,413 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,413 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,414 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1721#return; {603#true} is VALID [2022-02-20 18:02:53,414 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:02:53,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,420 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,420 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,420 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1723#return; {603#true} is VALID [2022-02-20 18:02:53,420 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:02:53,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,426 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,426 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,426 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1725#return; {603#true} is VALID [2022-02-20 18:02:53,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:53,429 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,431 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,431 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,432 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1727#return; {603#true} is VALID [2022-02-20 18:02:53,432 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:02:53,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,462 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,462 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,462 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1729#return; {603#true} is VALID [2022-02-20 18:02:53,463 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:02:53,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,468 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,468 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,468 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1731#return; {603#true} is VALID [2022-02-20 18:02:53,468 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:02:53,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,473 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,473 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,473 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1733#return; {603#true} is VALID [2022-02-20 18:02:53,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:53,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,478 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,478 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,479 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1735#return; {603#true} is VALID [2022-02-20 18:02:53,484 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:02:53,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,490 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:53,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,493 INFO L290 TraceCheckUtils]: 0: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,494 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,494 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 18:02:53,494 INFO L290 TraceCheckUtils]: 0: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {603#true} is VALID [2022-02-20 18:02:53,495 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~bob___0, ~bob___0); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,496 INFO L290 TraceCheckUtils]: 2: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,496 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,496 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,496 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 18:02:53,496 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,497 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1741#return; {603#true} is VALID [2022-02-20 18:02:53,497 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:53,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,502 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:53,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,506 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,506 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,506 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1671#return; {603#true} is VALID [2022-02-20 18:02:53,506 INFO L290 TraceCheckUtils]: 0: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {603#true} is VALID [2022-02-20 18:02:53,507 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~rjh___0, ~rjh___0); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,507 INFO L290 TraceCheckUtils]: 2: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,508 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,508 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,508 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1671#return; {603#true} is VALID [2022-02-20 18:02:53,508 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,509 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1747#return; {603#true} is VALID [2022-02-20 18:02:53,509 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:02:53,511 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,514 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:53,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,519 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {603#true} #1617#return; {603#true} is VALID [2022-02-20 18:02:53,519 INFO L290 TraceCheckUtils]: 0: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {603#true} is VALID [2022-02-20 18:02:53,520 INFO L272 TraceCheckUtils]: 1: Hoare triple {603#true} call setClientId(~chuck___0, ~chuck___0); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,520 INFO L290 TraceCheckUtils]: 2: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,520 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,520 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,521 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1617#return; {603#true} is VALID [2022-02-20 18:02:53,521 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,521 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {603#true} {603#true} #1753#return; {603#true} is VALID [2022-02-20 18:02:53,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:02:53,526 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,529 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,529 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,530 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1639#return; {604#false} is VALID [2022-02-20 18:02:53,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:02:53,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,538 INFO L290 TraceCheckUtils]: 0: Hoare triple {692#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,539 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,539 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1641#return; {604#false} is VALID [2022-02-20 18:02:53,539 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:02:53,540 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,542 INFO L290 TraceCheckUtils]: 0: Hoare triple {691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,543 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,543 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,543 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1651#return; {604#false} is VALID [2022-02-20 18:02:53,543 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:02:53,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~handle := #in~handle;havoc ~retValue_acc~8; {603#true} is VALID [2022-02-20 18:02:53,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {603#true} is VALID [2022-02-20 18:02:53,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,547 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {603#true} {604#false} #1653#return; {604#false} is VALID [2022-02-20 18:02:53,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:02:53,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,551 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:02:53,552 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:53,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {603#true} is VALID [2022-02-20 18:02:53,554 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,554 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 18:02:53,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {603#true} is VALID [2022-02-20 18:02:53,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 18:02:53,555 INFO L272 TraceCheckUtils]: 2: Hoare triple {603#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {603#true} is VALID [2022-02-20 18:02:53,555 INFO L290 TraceCheckUtils]: 3: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {603#true} is VALID [2022-02-20 18:02:53,556 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,556 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 18:02:53,556 INFO L290 TraceCheckUtils]: 6: Hoare triple {603#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {603#true} is VALID [2022-02-20 18:02:53,556 INFO L290 TraceCheckUtils]: 7: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,556 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {603#true} {604#false} #1587#return; {604#false} is VALID [2022-02-20 18:02:53,557 INFO L290 TraceCheckUtils]: 0: Hoare triple {603#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {603#true} is VALID [2022-02-20 18:02:53,558 INFO L290 TraceCheckUtils]: 1: Hoare triple {603#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {603#true} is VALID [2022-02-20 18:02:53,558 INFO L290 TraceCheckUtils]: 2: Hoare triple {603#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {603#true} is VALID [2022-02-20 18:02:53,558 INFO L272 TraceCheckUtils]: 3: Hoare triple {603#true} call select_features_#t~ret92#1 := select_one(); {603#true} is VALID [2022-02-20 18:02:53,558 INFO L290 TraceCheckUtils]: 4: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,558 INFO L290 TraceCheckUtils]: 5: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,559 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {603#true} {603#true} #1721#return; {603#true} is VALID [2022-02-20 18:02:53,559 INFO L290 TraceCheckUtils]: 7: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {603#true} is VALID [2022-02-20 18:02:53,559 INFO L272 TraceCheckUtils]: 8: Hoare triple {603#true} call select_features_#t~ret93#1 := select_one(); {603#true} is VALID [2022-02-20 18:02:53,559 INFO L290 TraceCheckUtils]: 9: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,559 INFO L290 TraceCheckUtils]: 10: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,560 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {603#true} {603#true} #1723#return; {603#true} is VALID [2022-02-20 18:02:53,560 INFO L290 TraceCheckUtils]: 12: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {603#true} is VALID [2022-02-20 18:02:53,560 INFO L272 TraceCheckUtils]: 13: Hoare triple {603#true} call select_features_#t~ret94#1 := select_one(); {603#true} is VALID [2022-02-20 18:02:53,560 INFO L290 TraceCheckUtils]: 14: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,560 INFO L290 TraceCheckUtils]: 15: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,561 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {603#true} {603#true} #1725#return; {603#true} is VALID [2022-02-20 18:02:53,561 INFO L290 TraceCheckUtils]: 17: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {603#true} is VALID [2022-02-20 18:02:53,561 INFO L272 TraceCheckUtils]: 18: Hoare triple {603#true} call select_features_#t~ret95#1 := select_one(); {603#true} is VALID [2022-02-20 18:02:53,561 INFO L290 TraceCheckUtils]: 19: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,561 INFO L290 TraceCheckUtils]: 20: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,562 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {603#true} {603#true} #1727#return; {603#true} is VALID [2022-02-20 18:02:53,562 INFO L290 TraceCheckUtils]: 22: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {603#true} is VALID [2022-02-20 18:02:53,562 INFO L272 TraceCheckUtils]: 23: Hoare triple {603#true} call select_features_#t~ret96#1 := select_one(); {603#true} is VALID [2022-02-20 18:02:53,562 INFO L290 TraceCheckUtils]: 24: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,563 INFO L290 TraceCheckUtils]: 25: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,563 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {603#true} {603#true} #1729#return; {603#true} is VALID [2022-02-20 18:02:53,563 INFO L290 TraceCheckUtils]: 27: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {603#true} is VALID [2022-02-20 18:02:53,563 INFO L272 TraceCheckUtils]: 28: Hoare triple {603#true} call select_features_#t~ret97#1 := select_one(); {603#true} is VALID [2022-02-20 18:02:53,563 INFO L290 TraceCheckUtils]: 29: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,564 INFO L290 TraceCheckUtils]: 30: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,564 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {603#true} {603#true} #1731#return; {603#true} is VALID [2022-02-20 18:02:53,564 INFO L290 TraceCheckUtils]: 32: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {603#true} is VALID [2022-02-20 18:02:53,564 INFO L272 TraceCheckUtils]: 33: Hoare triple {603#true} call select_features_#t~ret98#1 := select_one(); {603#true} is VALID [2022-02-20 18:02:53,564 INFO L290 TraceCheckUtils]: 34: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,565 INFO L290 TraceCheckUtils]: 35: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,565 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {603#true} {603#true} #1733#return; {603#true} is VALID [2022-02-20 18:02:53,565 INFO L290 TraceCheckUtils]: 37: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {603#true} is VALID [2022-02-20 18:02:53,565 INFO L272 TraceCheckUtils]: 38: Hoare triple {603#true} call select_features_#t~ret99#1 := select_one(); {603#true} is VALID [2022-02-20 18:02:53,565 INFO L290 TraceCheckUtils]: 39: Hoare triple {603#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {603#true} is VALID [2022-02-20 18:02:53,566 INFO L290 TraceCheckUtils]: 40: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,566 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {603#true} {603#true} #1735#return; {603#true} is VALID [2022-02-20 18:02:53,566 INFO L290 TraceCheckUtils]: 42: Hoare triple {603#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {603#true} is VALID [2022-02-20 18:02:53,566 INFO L290 TraceCheckUtils]: 43: Hoare triple {603#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {603#true} is VALID [2022-02-20 18:02:53,566 INFO L290 TraceCheckUtils]: 44: Hoare triple {603#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 18:02:53,567 INFO L290 TraceCheckUtils]: 45: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~24#1 := 0; {603#true} is VALID [2022-02-20 18:02:53,567 INFO L290 TraceCheckUtils]: 46: Hoare triple {603#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {603#true} is VALID [2022-02-20 18:02:53,567 INFO L290 TraceCheckUtils]: 47: Hoare triple {603#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {603#true} is VALID [2022-02-20 18:02:53,567 INFO L290 TraceCheckUtils]: 48: Hoare triple {603#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {603#true} is VALID [2022-02-20 18:02:53,568 INFO L290 TraceCheckUtils]: 49: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 18:02:53,569 INFO L272 TraceCheckUtils]: 50: Hoare triple {603#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,569 INFO L290 TraceCheckUtils]: 51: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {603#true} is VALID [2022-02-20 18:02:53,570 INFO L272 TraceCheckUtils]: 52: Hoare triple {603#true} call setClientId(~bob___0, ~bob___0); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,570 INFO L290 TraceCheckUtils]: 53: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,570 INFO L290 TraceCheckUtils]: 54: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,570 INFO L290 TraceCheckUtils]: 55: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,570 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {603#true} {603#true} #1719#return; {603#true} is VALID [2022-02-20 18:02:53,571 INFO L290 TraceCheckUtils]: 57: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,571 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {603#true} {603#true} #1741#return; {603#true} is VALID [2022-02-20 18:02:53,571 INFO L290 TraceCheckUtils]: 59: Hoare triple {603#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {603#true} is VALID [2022-02-20 18:02:53,571 INFO L290 TraceCheckUtils]: 60: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 18:02:53,572 INFO L272 TraceCheckUtils]: 61: Hoare triple {603#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,572 INFO L290 TraceCheckUtils]: 62: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {603#true} is VALID [2022-02-20 18:02:53,573 INFO L272 TraceCheckUtils]: 63: Hoare triple {603#true} call setClientId(~rjh___0, ~rjh___0); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,573 INFO L290 TraceCheckUtils]: 64: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,573 INFO L290 TraceCheckUtils]: 65: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,574 INFO L290 TraceCheckUtils]: 66: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,574 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {603#true} {603#true} #1671#return; {603#true} is VALID [2022-02-20 18:02:53,574 INFO L290 TraceCheckUtils]: 68: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,574 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {603#true} {603#true} #1747#return; {603#true} is VALID [2022-02-20 18:02:53,574 INFO L290 TraceCheckUtils]: 70: Hoare triple {603#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {603#true} is VALID [2022-02-20 18:02:53,575 INFO L290 TraceCheckUtils]: 71: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {603#true} is VALID [2022-02-20 18:02:53,575 INFO L272 TraceCheckUtils]: 72: Hoare triple {603#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,576 INFO L290 TraceCheckUtils]: 73: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {603#true} is VALID [2022-02-20 18:02:53,576 INFO L272 TraceCheckUtils]: 74: Hoare triple {603#true} call setClientId(~chuck___0, ~chuck___0); {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:53,577 INFO L290 TraceCheckUtils]: 75: Hoare triple {678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,577 INFO L290 TraceCheckUtils]: 76: Hoare triple {603#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,577 INFO L290 TraceCheckUtils]: 77: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,577 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {603#true} {603#true} #1617#return; {603#true} is VALID [2022-02-20 18:02:53,577 INFO L290 TraceCheckUtils]: 79: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,578 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {603#true} {603#true} #1753#return; {603#true} is VALID [2022-02-20 18:02:53,578 INFO L290 TraceCheckUtils]: 81: Hoare triple {603#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {603#true} is VALID [2022-02-20 18:02:53,578 INFO L290 TraceCheckUtils]: 82: Hoare triple {603#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {603#true} is VALID [2022-02-20 18:02:53,579 INFO L290 TraceCheckUtils]: 83: Hoare triple {603#true} assume false; {604#false} is VALID [2022-02-20 18:02:53,579 INFO L290 TraceCheckUtils]: 84: Hoare triple {604#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {604#false} is VALID [2022-02-20 18:02:53,579 INFO L272 TraceCheckUtils]: 85: Hoare triple {604#false} call sendEmail(~bob~0, ~rjh~0); {604#false} is VALID [2022-02-20 18:02:53,579 INFO L290 TraceCheckUtils]: 86: Hoare triple {604#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {604#false} is VALID [2022-02-20 18:02:53,580 INFO L272 TraceCheckUtils]: 87: Hoare triple {604#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:53,580 INFO L290 TraceCheckUtils]: 88: Hoare triple {691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,580 INFO L290 TraceCheckUtils]: 89: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,580 INFO L290 TraceCheckUtils]: 90: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,580 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {603#true} {604#false} #1639#return; {604#false} is VALID [2022-02-20 18:02:53,580 INFO L272 TraceCheckUtils]: 92: Hoare triple {604#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {692#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:53,581 INFO L290 TraceCheckUtils]: 93: Hoare triple {692#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,581 INFO L290 TraceCheckUtils]: 94: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,581 INFO L290 TraceCheckUtils]: 95: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,581 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {603#true} {604#false} #1641#return; {604#false} is VALID [2022-02-20 18:02:53,581 INFO L290 TraceCheckUtils]: 97: Hoare triple {604#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {604#false} is VALID [2022-02-20 18:02:53,582 INFO L290 TraceCheckUtils]: 98: Hoare triple {604#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {604#false} is VALID [2022-02-20 18:02:53,582 INFO L272 TraceCheckUtils]: 99: Hoare triple {604#false} call outgoing(~sender#1, ~email~0#1); {604#false} is VALID [2022-02-20 18:02:53,582 INFO L290 TraceCheckUtils]: 100: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 18:02:53,582 INFO L290 TraceCheckUtils]: 101: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {604#false} is VALID [2022-02-20 18:02:53,582 INFO L272 TraceCheckUtils]: 102: Hoare triple {604#false} call outgoing__before__Sign(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 18:02:53,583 INFO L290 TraceCheckUtils]: 103: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 18:02:53,583 INFO L290 TraceCheckUtils]: 104: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {604#false} is VALID [2022-02-20 18:02:53,583 INFO L272 TraceCheckUtils]: 105: Hoare triple {604#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 18:02:53,583 INFO L290 TraceCheckUtils]: 106: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 18:02:53,583 INFO L290 TraceCheckUtils]: 107: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {604#false} is VALID [2022-02-20 18:02:53,584 INFO L272 TraceCheckUtils]: 108: Hoare triple {604#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {604#false} is VALID [2022-02-20 18:02:53,584 INFO L290 TraceCheckUtils]: 109: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {604#false} is VALID [2022-02-20 18:02:53,584 INFO L290 TraceCheckUtils]: 110: Hoare triple {604#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {604#false} is VALID [2022-02-20 18:02:53,584 INFO L290 TraceCheckUtils]: 111: Hoare triple {604#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {604#false} is VALID [2022-02-20 18:02:53,585 INFO L272 TraceCheckUtils]: 112: Hoare triple {604#false} call setEmailFrom(~msg#1, ~tmp~1#1); {691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:53,585 INFO L290 TraceCheckUtils]: 113: Hoare triple {691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {603#true} is VALID [2022-02-20 18:02:53,585 INFO L290 TraceCheckUtils]: 114: Hoare triple {603#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {603#true} is VALID [2022-02-20 18:02:53,585 INFO L290 TraceCheckUtils]: 115: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,585 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {603#true} {604#false} #1651#return; {604#false} is VALID [2022-02-20 18:02:53,586 INFO L290 TraceCheckUtils]: 117: Hoare triple {604#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {604#false} is VALID [2022-02-20 18:02:53,586 INFO L272 TraceCheckUtils]: 118: Hoare triple {604#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {603#true} is VALID [2022-02-20 18:02:53,586 INFO L290 TraceCheckUtils]: 119: Hoare triple {603#true} ~handle := #in~handle;havoc ~retValue_acc~8; {603#true} is VALID [2022-02-20 18:02:53,586 INFO L290 TraceCheckUtils]: 120: Hoare triple {603#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {603#true} is VALID [2022-02-20 18:02:53,586 INFO L290 TraceCheckUtils]: 121: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,586 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {603#true} {604#false} #1653#return; {604#false} is VALID [2022-02-20 18:02:53,587 INFO L290 TraceCheckUtils]: 123: Hoare triple {604#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {604#false} is VALID [2022-02-20 18:02:53,587 INFO L290 TraceCheckUtils]: 124: Hoare triple {604#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {604#false} is VALID [2022-02-20 18:02:53,587 INFO L272 TraceCheckUtils]: 125: Hoare triple {604#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {604#false} is VALID [2022-02-20 18:02:53,587 INFO L290 TraceCheckUtils]: 126: Hoare triple {604#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {604#false} is VALID [2022-02-20 18:02:53,588 INFO L290 TraceCheckUtils]: 127: Hoare triple {604#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {604#false} is VALID [2022-02-20 18:02:53,588 INFO L272 TraceCheckUtils]: 128: Hoare triple {604#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {603#true} is VALID [2022-02-20 18:02:53,588 INFO L290 TraceCheckUtils]: 129: Hoare triple {603#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {603#true} is VALID [2022-02-20 18:02:53,588 INFO L290 TraceCheckUtils]: 130: Hoare triple {603#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {603#true} is VALID [2022-02-20 18:02:53,588 INFO L272 TraceCheckUtils]: 131: Hoare triple {603#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {603#true} is VALID [2022-02-20 18:02:53,589 INFO L290 TraceCheckUtils]: 132: Hoare triple {603#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {603#true} is VALID [2022-02-20 18:02:53,589 INFO L290 TraceCheckUtils]: 133: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,589 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {603#true} {603#true} #1797#return; {603#true} is VALID [2022-02-20 18:02:53,589 INFO L290 TraceCheckUtils]: 135: Hoare triple {603#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {603#true} is VALID [2022-02-20 18:02:53,589 INFO L290 TraceCheckUtils]: 136: Hoare triple {603#true} assume true; {603#true} is VALID [2022-02-20 18:02:53,589 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {603#true} {604#false} #1587#return; {604#false} is VALID [2022-02-20 18:02:53,590 INFO L290 TraceCheckUtils]: 138: Hoare triple {604#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {604#false} is VALID [2022-02-20 18:02:53,590 INFO L290 TraceCheckUtils]: 139: Hoare triple {604#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {604#false} is VALID [2022-02-20 18:02:53,590 INFO L290 TraceCheckUtils]: 140: Hoare triple {604#false} assume !false; {604#false} is VALID [2022-02-20 18:02:53,591 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:02:53,591 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:53,592 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1853343488] [2022-02-20 18:02:53,592 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1853343488] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:53,592 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:53,593 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:02:53,594 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [398519258] [2022-02-20 18:02:53,594 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:53,598 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.4) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 141 [2022-02-20 18:02:53,600 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:53,602 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 14.4) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:53,688 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 118 edges. 118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:53,688 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:53,689 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:53,701 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:02:53,702 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:02:53,706 INFO L87 Difference]: Start difference. First operand has 600 states, 446 states have (on average 1.515695067264574) internal successors, (676), 466 states have internal predecessors, (676), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand has 5 states, 5 states have (on average 14.4) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:58,330 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:58,330 INFO L93 Difference]: Finished difference Result 1063 states and 1608 transitions. [2022-02-20 18:02:58,331 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:02:58,331 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.4) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 141 [2022-02-20 18:02:58,332 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:58,333 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.4) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:58,374 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1608 transitions. [2022-02-20 18:02:58,374 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.4) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:58,404 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1608 transitions. [2022-02-20 18:02:58,404 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1608 transitions. [2022-02-20 18:02:59,779 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1608 edges. 1608 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:59,861 INFO L225 Difference]: With dead ends: 1063 [2022-02-20 18:02:59,861 INFO L226 Difference]: Without dead ends: 725 [2022-02-20 18:02:59,870 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:59,874 INFO L933 BasicCegarLoop]: 905 mSDtfsCounter, 1346 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 484 mSolverCounterSat, 636 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1354 SdHoareTripleChecker+Valid, 1619 SdHoareTripleChecker+Invalid, 1120 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 636 IncrementalHoareTripleChecker+Valid, 484 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:59,875 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1354 Valid, 1619 Invalid, 1120 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [636 Valid, 484 Invalid, 0 Unknown, 0 Unchecked, 1.8s Time] [2022-02-20 18:02:59,890 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 725 states. [2022-02-20 18:02:59,962 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 725 to 593. [2022-02-20 18:02:59,962 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:59,971 INFO L82 GeneralOperation]: Start isEquivalent. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:02:59,975 INFO L74 IsIncluded]: Start isIncluded. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:02:59,976 INFO L87 Difference]: Start difference. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:03:00,015 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:00,016 INFO L93 Difference]: Finished difference Result 725 states and 1109 transitions. [2022-02-20 18:03:00,016 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1109 transitions. [2022-02-20 18:03:00,020 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:00,020 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:00,022 INFO L74 IsIncluded]: Start isIncluded. First operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 725 states. [2022-02-20 18:03:00,023 INFO L87 Difference]: Start difference. First operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 725 states. [2022-02-20 18:03:00,058 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:00,058 INFO L93 Difference]: Finished difference Result 725 states and 1109 transitions. [2022-02-20 18:03:00,058 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1109 transitions. [2022-02-20 18:03:00,061 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:00,061 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:00,061 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:00,061 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:00,063 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 440 states have (on average 1.5113636363636365) internal successors, (665), 459 states have internal predecessors, (665), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:03:00,092 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 882 transitions. [2022-02-20 18:03:00,094 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 882 transitions. Word has length 141 [2022-02-20 18:03:00,094 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:00,094 INFO L470 AbstractCegarLoop]: Abstraction has 593 states and 882 transitions. [2022-02-20 18:03:00,095 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 14.4) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:03:00,095 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 882 transitions. [2022-02-20 18:03:00,098 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 150 [2022-02-20 18:03:00,098 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:00,098 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:00,099 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:03:00,099 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:00,099 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:00,099 INFO L85 PathProgramCache]: Analyzing trace with hash 646723229, now seen corresponding path program 1 times [2022-02-20 18:03:00,100 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:00,100 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [118667054] [2022-02-20 18:03:00,100 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:00,100 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:00,171 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,227 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:00,229 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,231 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,231 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,232 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1721#return; {4469#true} is VALID [2022-02-20 18:03:00,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:00,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,236 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1723#return; {4469#true} is VALID [2022-02-20 18:03:00,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:00,237 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,239 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,239 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,240 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1725#return; {4469#true} is VALID [2022-02-20 18:03:00,240 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:00,241 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,243 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,243 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,244 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1727#return; {4469#true} is VALID [2022-02-20 18:03:00,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:00,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,247 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,247 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,247 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1729#return; {4469#true} is VALID [2022-02-20 18:03:00,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:00,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,251 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,251 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1731#return; {4469#true} is VALID [2022-02-20 18:03:00,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:00,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,256 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1733#return; {4469#true} is VALID [2022-02-20 18:03:00,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:00,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,260 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1735#return; {4469#true} is VALID [2022-02-20 18:03:00,266 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:03:00,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:00,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,272 INFO L290 TraceCheckUtils]: 0: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,273 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4469#true} {4469#true} #1719#return; {4469#true} is VALID [2022-02-20 18:03:00,273 INFO L290 TraceCheckUtils]: 0: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4469#true} is VALID [2022-02-20 18:03:00,274 INFO L272 TraceCheckUtils]: 1: Hoare triple {4469#true} call setClientId(~bob___0, ~bob___0); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,274 INFO L290 TraceCheckUtils]: 3: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,274 INFO L290 TraceCheckUtils]: 4: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,274 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4469#true} {4469#true} #1719#return; {4469#true} is VALID [2022-02-20 18:03:00,274 INFO L290 TraceCheckUtils]: 6: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,274 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4469#true} {4470#false} #1741#return; {4470#false} is VALID [2022-02-20 18:03:00,275 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:03:00,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:00,281 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,285 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4469#true} {4469#true} #1671#return; {4469#true} is VALID [2022-02-20 18:03:00,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4469#true} is VALID [2022-02-20 18:03:00,286 INFO L272 TraceCheckUtils]: 1: Hoare triple {4469#true} call setClientId(~rjh___0, ~rjh___0); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,286 INFO L290 TraceCheckUtils]: 2: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,286 INFO L290 TraceCheckUtils]: 3: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,287 INFO L290 TraceCheckUtils]: 4: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,287 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4469#true} {4469#true} #1671#return; {4469#true} is VALID [2022-02-20 18:03:00,287 INFO L290 TraceCheckUtils]: 6: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,287 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4469#true} {4470#false} #1747#return; {4470#false} is VALID [2022-02-20 18:03:00,287 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:03:00,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:00,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,298 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,298 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,298 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4469#true} {4469#true} #1617#return; {4469#true} is VALID [2022-02-20 18:03:00,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4469#true} is VALID [2022-02-20 18:03:00,300 INFO L272 TraceCheckUtils]: 1: Hoare triple {4469#true} call setClientId(~chuck___0, ~chuck___0); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,300 INFO L290 TraceCheckUtils]: 3: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,300 INFO L290 TraceCheckUtils]: 4: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,300 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4469#true} {4469#true} #1617#return; {4469#true} is VALID [2022-02-20 18:03:00,300 INFO L290 TraceCheckUtils]: 6: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,300 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4469#true} {4470#false} #1753#return; {4470#false} is VALID [2022-02-20 18:03:00,306 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:03:00,307 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {4564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,312 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,312 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4469#true} {4470#false} #1639#return; {4470#false} is VALID [2022-02-20 18:03:00,320 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:03:00,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,328 INFO L290 TraceCheckUtils]: 0: Hoare triple {4565#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,328 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,328 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4469#true} {4470#false} #1641#return; {4470#false} is VALID [2022-02-20 18:03:00,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:03:00,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,339 INFO L290 TraceCheckUtils]: 0: Hoare triple {4564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,339 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,339 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,339 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4469#true} {4470#false} #1651#return; {4470#false} is VALID [2022-02-20 18:03:00,340 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:03:00,341 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} ~handle := #in~handle;havoc ~retValue_acc~8; {4469#true} is VALID [2022-02-20 18:03:00,345 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {4469#true} is VALID [2022-02-20 18:03:00,346 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,346 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4469#true} {4470#false} #1653#return; {4470#false} is VALID [2022-02-20 18:03:00,346 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:03:00,347 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,349 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} ~handle := #in~handle;havoc ~retValue_acc~31; {4469#true} is VALID [2022-02-20 18:03:00,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {4469#true} is VALID [2022-02-20 18:03:00,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,350 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4469#true} {4470#false} #1655#return; {4470#false} is VALID [2022-02-20 18:03:00,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 18:03:00,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,354 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:00,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:00,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {4469#true} is VALID [2022-02-20 18:03:00,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,356 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4469#true} {4469#true} #1797#return; {4469#true} is VALID [2022-02-20 18:03:00,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {4469#true} is VALID [2022-02-20 18:03:00,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4469#true} is VALID [2022-02-20 18:03:00,357 INFO L272 TraceCheckUtils]: 2: Hoare triple {4469#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {4469#true} is VALID [2022-02-20 18:03:00,357 INFO L290 TraceCheckUtils]: 3: Hoare triple {4469#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {4469#true} is VALID [2022-02-20 18:03:00,357 INFO L290 TraceCheckUtils]: 4: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,357 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4469#true} {4469#true} #1797#return; {4469#true} is VALID [2022-02-20 18:03:00,357 INFO L290 TraceCheckUtils]: 6: Hoare triple {4469#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {4469#true} is VALID [2022-02-20 18:03:00,357 INFO L290 TraceCheckUtils]: 7: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,357 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {4469#true} {4470#false} #1587#return; {4470#false} is VALID [2022-02-20 18:03:00,358 INFO L290 TraceCheckUtils]: 0: Hoare triple {4469#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {4469#true} is VALID [2022-02-20 18:03:00,358 INFO L290 TraceCheckUtils]: 1: Hoare triple {4469#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4469#true} is VALID [2022-02-20 18:03:00,358 INFO L290 TraceCheckUtils]: 2: Hoare triple {4469#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {4469#true} is VALID [2022-02-20 18:03:00,358 INFO L272 TraceCheckUtils]: 3: Hoare triple {4469#true} call select_features_#t~ret92#1 := select_one(); {4469#true} is VALID [2022-02-20 18:03:00,358 INFO L290 TraceCheckUtils]: 4: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,358 INFO L290 TraceCheckUtils]: 5: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,359 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4469#true} {4469#true} #1721#return; {4469#true} is VALID [2022-02-20 18:03:00,359 INFO L290 TraceCheckUtils]: 7: Hoare triple {4469#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {4469#true} is VALID [2022-02-20 18:03:00,359 INFO L272 TraceCheckUtils]: 8: Hoare triple {4469#true} call select_features_#t~ret93#1 := select_one(); {4469#true} is VALID [2022-02-20 18:03:00,359 INFO L290 TraceCheckUtils]: 9: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,359 INFO L290 TraceCheckUtils]: 10: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,359 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4469#true} {4469#true} #1723#return; {4469#true} is VALID [2022-02-20 18:03:00,359 INFO L290 TraceCheckUtils]: 12: Hoare triple {4469#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {4469#true} is VALID [2022-02-20 18:03:00,359 INFO L272 TraceCheckUtils]: 13: Hoare triple {4469#true} call select_features_#t~ret94#1 := select_one(); {4469#true} is VALID [2022-02-20 18:03:00,360 INFO L290 TraceCheckUtils]: 14: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,360 INFO L290 TraceCheckUtils]: 15: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,360 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4469#true} {4469#true} #1725#return; {4469#true} is VALID [2022-02-20 18:03:00,360 INFO L290 TraceCheckUtils]: 17: Hoare triple {4469#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {4469#true} is VALID [2022-02-20 18:03:00,360 INFO L272 TraceCheckUtils]: 18: Hoare triple {4469#true} call select_features_#t~ret95#1 := select_one(); {4469#true} is VALID [2022-02-20 18:03:00,360 INFO L290 TraceCheckUtils]: 19: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,360 INFO L290 TraceCheckUtils]: 20: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,361 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4469#true} {4469#true} #1727#return; {4469#true} is VALID [2022-02-20 18:03:00,361 INFO L290 TraceCheckUtils]: 22: Hoare triple {4469#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {4469#true} is VALID [2022-02-20 18:03:00,361 INFO L272 TraceCheckUtils]: 23: Hoare triple {4469#true} call select_features_#t~ret96#1 := select_one(); {4469#true} is VALID [2022-02-20 18:03:00,361 INFO L290 TraceCheckUtils]: 24: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,361 INFO L290 TraceCheckUtils]: 25: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,361 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4469#true} {4469#true} #1729#return; {4469#true} is VALID [2022-02-20 18:03:00,361 INFO L290 TraceCheckUtils]: 27: Hoare triple {4469#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {4469#true} is VALID [2022-02-20 18:03:00,362 INFO L272 TraceCheckUtils]: 28: Hoare triple {4469#true} call select_features_#t~ret97#1 := select_one(); {4469#true} is VALID [2022-02-20 18:03:00,362 INFO L290 TraceCheckUtils]: 29: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,362 INFO L290 TraceCheckUtils]: 30: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,362 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4469#true} {4469#true} #1731#return; {4469#true} is VALID [2022-02-20 18:03:00,362 INFO L290 TraceCheckUtils]: 32: Hoare triple {4469#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {4469#true} is VALID [2022-02-20 18:03:00,362 INFO L272 TraceCheckUtils]: 33: Hoare triple {4469#true} call select_features_#t~ret98#1 := select_one(); {4469#true} is VALID [2022-02-20 18:03:00,362 INFO L290 TraceCheckUtils]: 34: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,363 INFO L290 TraceCheckUtils]: 35: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,363 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4469#true} {4469#true} #1733#return; {4469#true} is VALID [2022-02-20 18:03:00,363 INFO L290 TraceCheckUtils]: 37: Hoare triple {4469#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {4469#true} is VALID [2022-02-20 18:03:00,363 INFO L272 TraceCheckUtils]: 38: Hoare triple {4469#true} call select_features_#t~ret99#1 := select_one(); {4469#true} is VALID [2022-02-20 18:03:00,363 INFO L290 TraceCheckUtils]: 39: Hoare triple {4469#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {4469#true} is VALID [2022-02-20 18:03:00,363 INFO L290 TraceCheckUtils]: 40: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,363 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4469#true} {4469#true} #1735#return; {4469#true} is VALID [2022-02-20 18:03:00,364 INFO L290 TraceCheckUtils]: 42: Hoare triple {4469#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {4469#true} is VALID [2022-02-20 18:03:00,364 INFO L290 TraceCheckUtils]: 43: Hoare triple {4469#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {4469#true} is VALID [2022-02-20 18:03:00,364 INFO L290 TraceCheckUtils]: 44: Hoare triple {4469#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4469#true} is VALID [2022-02-20 18:03:00,364 INFO L290 TraceCheckUtils]: 45: Hoare triple {4469#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~24#1 := 0; {4495#(= |ULTIMATE.start_valid_product_~tmp~24#1| 0)} is VALID [2022-02-20 18:03:00,365 INFO L290 TraceCheckUtils]: 46: Hoare triple {4495#(= |ULTIMATE.start_valid_product_~tmp~24#1| 0)} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {4496#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 18:03:00,365 INFO L290 TraceCheckUtils]: 47: Hoare triple {4496#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {4497#(= |ULTIMATE.start_main_~tmp~13#1| 0)} is VALID [2022-02-20 18:03:00,365 INFO L290 TraceCheckUtils]: 48: Hoare triple {4497#(= |ULTIMATE.start_main_~tmp~13#1| 0)} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4470#false} is VALID [2022-02-20 18:03:00,366 INFO L290 TraceCheckUtils]: 49: Hoare triple {4470#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4470#false} is VALID [2022-02-20 18:03:00,366 INFO L272 TraceCheckUtils]: 50: Hoare triple {4470#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,366 INFO L290 TraceCheckUtils]: 51: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4469#true} is VALID [2022-02-20 18:03:00,366 INFO L272 TraceCheckUtils]: 52: Hoare triple {4469#true} call setClientId(~bob___0, ~bob___0); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,367 INFO L290 TraceCheckUtils]: 53: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,367 INFO L290 TraceCheckUtils]: 54: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,367 INFO L290 TraceCheckUtils]: 55: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,367 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4469#true} {4469#true} #1719#return; {4469#true} is VALID [2022-02-20 18:03:00,367 INFO L290 TraceCheckUtils]: 57: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,367 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4469#true} {4470#false} #1741#return; {4470#false} is VALID [2022-02-20 18:03:00,367 INFO L290 TraceCheckUtils]: 59: Hoare triple {4470#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4470#false} is VALID [2022-02-20 18:03:00,368 INFO L290 TraceCheckUtils]: 60: Hoare triple {4470#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4470#false} is VALID [2022-02-20 18:03:00,368 INFO L272 TraceCheckUtils]: 61: Hoare triple {4470#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,368 INFO L290 TraceCheckUtils]: 62: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4469#true} is VALID [2022-02-20 18:03:00,369 INFO L272 TraceCheckUtils]: 63: Hoare triple {4469#true} call setClientId(~rjh___0, ~rjh___0); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,369 INFO L290 TraceCheckUtils]: 64: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,369 INFO L290 TraceCheckUtils]: 65: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,369 INFO L290 TraceCheckUtils]: 66: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,369 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4469#true} {4469#true} #1671#return; {4469#true} is VALID [2022-02-20 18:03:00,369 INFO L290 TraceCheckUtils]: 68: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,369 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4469#true} {4470#false} #1747#return; {4470#false} is VALID [2022-02-20 18:03:00,370 INFO L290 TraceCheckUtils]: 70: Hoare triple {4470#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4470#false} is VALID [2022-02-20 18:03:00,370 INFO L290 TraceCheckUtils]: 71: Hoare triple {4470#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4470#false} is VALID [2022-02-20 18:03:00,370 INFO L272 TraceCheckUtils]: 72: Hoare triple {4470#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,370 INFO L290 TraceCheckUtils]: 73: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4469#true} is VALID [2022-02-20 18:03:00,371 INFO L272 TraceCheckUtils]: 74: Hoare triple {4469#true} call setClientId(~chuck___0, ~chuck___0); {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:00,371 INFO L290 TraceCheckUtils]: 75: Hoare triple {4551#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,371 INFO L290 TraceCheckUtils]: 76: Hoare triple {4469#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,371 INFO L290 TraceCheckUtils]: 77: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,371 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4469#true} {4469#true} #1617#return; {4469#true} is VALID [2022-02-20 18:03:00,371 INFO L290 TraceCheckUtils]: 79: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,371 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4469#true} {4470#false} #1753#return; {4470#false} is VALID [2022-02-20 18:03:00,372 INFO L290 TraceCheckUtils]: 81: Hoare triple {4470#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {4470#false} is VALID [2022-02-20 18:03:00,372 INFO L290 TraceCheckUtils]: 82: Hoare triple {4470#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4470#false} is VALID [2022-02-20 18:03:00,372 INFO L290 TraceCheckUtils]: 83: Hoare triple {4470#false} assume !false; {4470#false} is VALID [2022-02-20 18:03:00,372 INFO L290 TraceCheckUtils]: 84: Hoare triple {4470#false} assume !(test_~splverifierCounter~0#1 < 4); {4470#false} is VALID [2022-02-20 18:03:00,372 INFO L290 TraceCheckUtils]: 85: Hoare triple {4470#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {4470#false} is VALID [2022-02-20 18:03:00,372 INFO L272 TraceCheckUtils]: 86: Hoare triple {4470#false} call sendEmail(~bob~0, ~rjh~0); {4470#false} is VALID [2022-02-20 18:03:00,372 INFO L290 TraceCheckUtils]: 87: Hoare triple {4470#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4470#false} is VALID [2022-02-20 18:03:00,373 INFO L272 TraceCheckUtils]: 88: Hoare triple {4470#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:00,373 INFO L290 TraceCheckUtils]: 89: Hoare triple {4564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,373 INFO L290 TraceCheckUtils]: 90: Hoare triple {4469#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,373 INFO L290 TraceCheckUtils]: 91: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,373 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4469#true} {4470#false} #1639#return; {4470#false} is VALID [2022-02-20 18:03:00,373 INFO L272 TraceCheckUtils]: 93: Hoare triple {4470#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4565#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:00,373 INFO L290 TraceCheckUtils]: 94: Hoare triple {4565#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,374 INFO L290 TraceCheckUtils]: 95: Hoare triple {4469#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,374 INFO L290 TraceCheckUtils]: 96: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,374 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4469#true} {4470#false} #1641#return; {4470#false} is VALID [2022-02-20 18:03:00,374 INFO L290 TraceCheckUtils]: 98: Hoare triple {4470#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {4470#false} is VALID [2022-02-20 18:03:00,374 INFO L290 TraceCheckUtils]: 99: Hoare triple {4470#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {4470#false} is VALID [2022-02-20 18:03:00,374 INFO L272 TraceCheckUtils]: 100: Hoare triple {4470#false} call outgoing(~sender#1, ~email~0#1); {4470#false} is VALID [2022-02-20 18:03:00,374 INFO L290 TraceCheckUtils]: 101: Hoare triple {4470#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4470#false} is VALID [2022-02-20 18:03:00,375 INFO L290 TraceCheckUtils]: 102: Hoare triple {4470#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4470#false} is VALID [2022-02-20 18:03:00,375 INFO L272 TraceCheckUtils]: 103: Hoare triple {4470#false} call outgoing__before__Sign(~client#1, ~msg#1); {4470#false} is VALID [2022-02-20 18:03:00,375 INFO L290 TraceCheckUtils]: 104: Hoare triple {4470#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4470#false} is VALID [2022-02-20 18:03:00,375 INFO L290 TraceCheckUtils]: 105: Hoare triple {4470#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4470#false} is VALID [2022-02-20 18:03:00,375 INFO L272 TraceCheckUtils]: 106: Hoare triple {4470#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4470#false} is VALID [2022-02-20 18:03:00,375 INFO L290 TraceCheckUtils]: 107: Hoare triple {4470#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4470#false} is VALID [2022-02-20 18:03:00,375 INFO L290 TraceCheckUtils]: 108: Hoare triple {4470#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4470#false} is VALID [2022-02-20 18:03:00,375 INFO L272 TraceCheckUtils]: 109: Hoare triple {4470#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4470#false} is VALID [2022-02-20 18:03:00,376 INFO L290 TraceCheckUtils]: 110: Hoare triple {4470#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {4470#false} is VALID [2022-02-20 18:03:00,376 INFO L290 TraceCheckUtils]: 111: Hoare triple {4470#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {4470#false} is VALID [2022-02-20 18:03:00,376 INFO L290 TraceCheckUtils]: 112: Hoare triple {4470#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {4470#false} is VALID [2022-02-20 18:03:00,376 INFO L272 TraceCheckUtils]: 113: Hoare triple {4470#false} call setEmailFrom(~msg#1, ~tmp~1#1); {4564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:00,376 INFO L290 TraceCheckUtils]: 114: Hoare triple {4564#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4469#true} is VALID [2022-02-20 18:03:00,376 INFO L290 TraceCheckUtils]: 115: Hoare triple {4469#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4469#true} is VALID [2022-02-20 18:03:00,376 INFO L290 TraceCheckUtils]: 116: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,377 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4469#true} {4470#false} #1651#return; {4470#false} is VALID [2022-02-20 18:03:00,377 INFO L290 TraceCheckUtils]: 118: Hoare triple {4470#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {4470#false} is VALID [2022-02-20 18:03:00,377 INFO L272 TraceCheckUtils]: 119: Hoare triple {4470#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {4469#true} is VALID [2022-02-20 18:03:00,377 INFO L290 TraceCheckUtils]: 120: Hoare triple {4469#true} ~handle := #in~handle;havoc ~retValue_acc~8; {4469#true} is VALID [2022-02-20 18:03:00,377 INFO L290 TraceCheckUtils]: 121: Hoare triple {4469#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {4469#true} is VALID [2022-02-20 18:03:00,377 INFO L290 TraceCheckUtils]: 122: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,377 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {4469#true} {4470#false} #1653#return; {4470#false} is VALID [2022-02-20 18:03:00,378 INFO L290 TraceCheckUtils]: 124: Hoare triple {4470#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {4470#false} is VALID [2022-02-20 18:03:00,378 INFO L290 TraceCheckUtils]: 125: Hoare triple {4470#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret18#1, incoming__role__Decrypt_#t~ret19#1, incoming__role__Decrypt_#t~ret20#1, incoming__role__Decrypt_#t~ret21#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~6#1, incoming__role__Decrypt_~tmp___0~2#1, incoming__role__Decrypt_~tmp___1~1#1, incoming__role__Decrypt_~tmp___2~1#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~6#1;havoc incoming__role__Decrypt_~tmp___0~2#1;havoc incoming__role__Decrypt_~tmp___1~1#1;havoc incoming__role__Decrypt_~tmp___2~1#1; {4470#false} is VALID [2022-02-20 18:03:00,378 INFO L272 TraceCheckUtils]: 126: Hoare triple {4470#false} call incoming__role__Decrypt_#t~ret18#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {4469#true} is VALID [2022-02-20 18:03:00,378 INFO L290 TraceCheckUtils]: 127: Hoare triple {4469#true} ~handle := #in~handle;havoc ~retValue_acc~31; {4469#true} is VALID [2022-02-20 18:03:00,378 INFO L290 TraceCheckUtils]: 128: Hoare triple {4469#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {4469#true} is VALID [2022-02-20 18:03:00,378 INFO L290 TraceCheckUtils]: 129: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,378 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {4469#true} {4470#false} #1655#return; {4470#false} is VALID [2022-02-20 18:03:00,379 INFO L290 TraceCheckUtils]: 131: Hoare triple {4470#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret18#1 && incoming__role__Decrypt_#t~ret18#1 <= 2147483647;incoming__role__Decrypt_~tmp~6#1 := incoming__role__Decrypt_#t~ret18#1;havoc incoming__role__Decrypt_#t~ret18#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~6#1; {4470#false} is VALID [2022-02-20 18:03:00,379 INFO L290 TraceCheckUtils]: 132: Hoare triple {4470#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {4470#false} is VALID [2022-02-20 18:03:00,379 INFO L272 TraceCheckUtils]: 133: Hoare triple {4470#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {4470#false} is VALID [2022-02-20 18:03:00,379 INFO L290 TraceCheckUtils]: 134: Hoare triple {4470#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4470#false} is VALID [2022-02-20 18:03:00,379 INFO L290 TraceCheckUtils]: 135: Hoare triple {4470#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {4470#false} is VALID [2022-02-20 18:03:00,379 INFO L272 TraceCheckUtils]: 136: Hoare triple {4470#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {4469#true} is VALID [2022-02-20 18:03:00,379 INFO L290 TraceCheckUtils]: 137: Hoare triple {4469#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {4469#true} is VALID [2022-02-20 18:03:00,380 INFO L290 TraceCheckUtils]: 138: Hoare triple {4469#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4469#true} is VALID [2022-02-20 18:03:00,380 INFO L272 TraceCheckUtils]: 139: Hoare triple {4469#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {4469#true} is VALID [2022-02-20 18:03:00,380 INFO L290 TraceCheckUtils]: 140: Hoare triple {4469#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {4469#true} is VALID [2022-02-20 18:03:00,380 INFO L290 TraceCheckUtils]: 141: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,380 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {4469#true} {4469#true} #1797#return; {4469#true} is VALID [2022-02-20 18:03:00,380 INFO L290 TraceCheckUtils]: 143: Hoare triple {4469#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {4469#true} is VALID [2022-02-20 18:03:00,380 INFO L290 TraceCheckUtils]: 144: Hoare triple {4469#true} assume true; {4469#true} is VALID [2022-02-20 18:03:00,381 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {4469#true} {4470#false} #1587#return; {4470#false} is VALID [2022-02-20 18:03:00,381 INFO L290 TraceCheckUtils]: 146: Hoare triple {4470#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {4470#false} is VALID [2022-02-20 18:03:00,381 INFO L290 TraceCheckUtils]: 147: Hoare triple {4470#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {4470#false} is VALID [2022-02-20 18:03:00,381 INFO L290 TraceCheckUtils]: 148: Hoare triple {4470#false} assume !false; {4470#false} is VALID [2022-02-20 18:03:00,381 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:03:00,382 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:00,382 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [118667054] [2022-02-20 18:03:00,382 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [118667054] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:00,382 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:00,382 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:03:00,382 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1250140416] [2022-02-20 18:03:00,382 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:00,384 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 9.75) internal successors, (78), 5 states have internal predecessors, (78), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 149 [2022-02-20 18:03:00,385 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:00,385 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 9.75) internal successors, (78), 5 states have internal predecessors, (78), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:00,471 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 126 edges. 126 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:00,472 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:03:00,472 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:00,472 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:03:00,472 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:03:00,473 INFO L87 Difference]: Start difference. First operand 593 states and 882 transitions. Second operand has 8 states, 8 states have (on average 9.75) internal successors, (78), 5 states have internal predecessors, (78), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:08,685 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:08,686 INFO L93 Difference]: Finished difference Result 1282 states and 1935 transitions. [2022-02-20 18:03:08,686 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:03:08,686 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 9.75) internal successors, (78), 5 states have internal predecessors, (78), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 149 [2022-02-20 18:03:08,687 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:08,688 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 9.75) internal successors, (78), 5 states have internal predecessors, (78), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:08,708 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1935 transitions. [2022-02-20 18:03:08,708 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 9.75) internal successors, (78), 5 states have internal predecessors, (78), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:08,727 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1935 transitions. [2022-02-20 18:03:08,728 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1935 transitions. [2022-02-20 18:03:10,469 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1935 edges. 1935 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:10,497 INFO L225 Difference]: With dead ends: 1282 [2022-02-20 18:03:10,497 INFO L226 Difference]: Without dead ends: 725 [2022-02-20 18:03:10,502 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:03:10,505 INFO L933 BasicCegarLoop]: 899 mSDtfsCounter, 1343 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2862 mSolverCounterSat, 638 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1350 SdHoareTripleChecker+Valid, 2373 SdHoareTripleChecker+Invalid, 3500 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 638 IncrementalHoareTripleChecker+Valid, 2862 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:10,505 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1350 Valid, 2373 Invalid, 3500 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [638 Valid, 2862 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 18:03:10,507 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 725 states. [2022-02-20 18:03:10,531 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 725 to 593. [2022-02-20 18:03:10,531 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:10,533 INFO L82 GeneralOperation]: Start isEquivalent. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:03:10,534 INFO L74 IsIncluded]: Start isIncluded. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:03:10,535 INFO L87 Difference]: Start difference. First operand 725 states. Second operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:03:10,561 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:10,561 INFO L93 Difference]: Finished difference Result 725 states and 1102 transitions. [2022-02-20 18:03:10,562 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1102 transitions. [2022-02-20 18:03:10,564 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:10,564 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:10,566 INFO L74 IsIncluded]: Start isIncluded. First operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 725 states. [2022-02-20 18:03:10,567 INFO L87 Difference]: Start difference. First operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) Second operand 725 states. [2022-02-20 18:03:10,590 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:10,590 INFO L93 Difference]: Finished difference Result 725 states and 1102 transitions. [2022-02-20 18:03:10,590 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1102 transitions. [2022-02-20 18:03:10,593 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:10,593 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:10,593 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:10,593 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:10,595 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 593 states, 440 states have (on average 1.4954545454545454) internal successors, (658), 459 states have internal predecessors, (658), 109 states have call successors, (109), 43 states have call predecessors, (109), 43 states have return successors, (108), 107 states have call predecessors, (108), 108 states have call successors, (108) [2022-02-20 18:03:10,613 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 593 states to 593 states and 875 transitions. [2022-02-20 18:03:10,614 INFO L78 Accepts]: Start accepts. Automaton has 593 states and 875 transitions. Word has length 149 [2022-02-20 18:03:10,614 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:10,615 INFO L470 AbstractCegarLoop]: Abstraction has 593 states and 875 transitions. [2022-02-20 18:03:10,615 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 9.75) internal successors, (78), 5 states have internal predecessors, (78), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:10,615 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 875 transitions. [2022-02-20 18:03:10,619 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 148 [2022-02-20 18:03:10,619 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:10,619 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:10,619 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:03:10,619 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:10,620 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:10,620 INFO L85 PathProgramCache]: Analyzing trace with hash -548680105, now seen corresponding path program 1 times [2022-02-20 18:03:10,620 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:10,620 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [769387137] [2022-02-20 18:03:10,620 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:10,621 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:10,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,719 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:10,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,725 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,725 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,725 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8637#true} #1721#return; {8637#true} is VALID [2022-02-20 18:03:10,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:10,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,730 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,731 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8637#true} #1723#return; {8637#true} is VALID [2022-02-20 18:03:10,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:10,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,735 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8637#true} #1725#return; {8637#true} is VALID [2022-02-20 18:03:10,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:10,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,739 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8637#true} #1727#return; {8637#true} is VALID [2022-02-20 18:03:10,739 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:10,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,743 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,743 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,744 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8637#true} #1729#return; {8637#true} is VALID [2022-02-20 18:03:10,744 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:10,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,747 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,747 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,747 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8637#true} #1731#return; {8637#true} is VALID [2022-02-20 18:03:10,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:10,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,751 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,751 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,751 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8637#true} #1733#return; {8637#true} is VALID [2022-02-20 18:03:10,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:10,754 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,763 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,764 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} #1735#return; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:03:10,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,773 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:10,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,777 INFO L290 TraceCheckUtils]: 0: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,777 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,777 INFO L290 TraceCheckUtils]: 2: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,777 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8637#true} {8637#true} #1719#return; {8637#true} is VALID [2022-02-20 18:03:10,777 INFO L290 TraceCheckUtils]: 0: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8637#true} is VALID [2022-02-20 18:03:10,778 INFO L272 TraceCheckUtils]: 1: Hoare triple {8637#true} call setClientId(~bob___0, ~bob___0); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,778 INFO L290 TraceCheckUtils]: 2: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,778 INFO L290 TraceCheckUtils]: 3: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,780 INFO L290 TraceCheckUtils]: 4: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,780 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8637#true} {8637#true} #1719#return; {8637#true} is VALID [2022-02-20 18:03:10,785 INFO L290 TraceCheckUtils]: 6: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,786 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8637#true} {8638#false} #1741#return; {8638#false} is VALID [2022-02-20 18:03:10,786 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:03:10,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,791 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:10,792 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,794 INFO L290 TraceCheckUtils]: 0: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,795 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,795 INFO L290 TraceCheckUtils]: 2: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,795 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8637#true} {8637#true} #1671#return; {8637#true} is VALID [2022-02-20 18:03:10,795 INFO L290 TraceCheckUtils]: 0: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8637#true} is VALID [2022-02-20 18:03:10,796 INFO L272 TraceCheckUtils]: 1: Hoare triple {8637#true} call setClientId(~rjh___0, ~rjh___0); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,796 INFO L290 TraceCheckUtils]: 2: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,796 INFO L290 TraceCheckUtils]: 3: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,796 INFO L290 TraceCheckUtils]: 4: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,797 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8637#true} {8637#true} #1671#return; {8637#true} is VALID [2022-02-20 18:03:10,797 INFO L290 TraceCheckUtils]: 6: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,797 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8637#true} {8638#false} #1747#return; {8638#false} is VALID [2022-02-20 18:03:10,797 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:03:10,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,811 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:10,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,818 INFO L290 TraceCheckUtils]: 2: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,818 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8637#true} {8637#true} #1617#return; {8637#true} is VALID [2022-02-20 18:03:10,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8637#true} is VALID [2022-02-20 18:03:10,819 INFO L272 TraceCheckUtils]: 1: Hoare triple {8637#true} call setClientId(~chuck___0, ~chuck___0); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,819 INFO L290 TraceCheckUtils]: 2: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,819 INFO L290 TraceCheckUtils]: 3: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,819 INFO L290 TraceCheckUtils]: 4: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,820 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8637#true} {8637#true} #1617#return; {8637#true} is VALID [2022-02-20 18:03:10,820 INFO L290 TraceCheckUtils]: 6: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,820 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8637#true} {8638#false} #1753#return; {8638#false} is VALID [2022-02-20 18:03:10,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:03:10,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,826 INFO L290 TraceCheckUtils]: 0: Hoare triple {8726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,827 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,827 INFO L290 TraceCheckUtils]: 2: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,827 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8637#true} {8638#false} #1639#return; {8638#false} is VALID [2022-02-20 18:03:10,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:03:10,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,834 INFO L290 TraceCheckUtils]: 0: Hoare triple {8727#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,834 INFO L290 TraceCheckUtils]: 2: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,834 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8637#true} {8638#false} #1641#return; {8638#false} is VALID [2022-02-20 18:03:10,835 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:03:10,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,839 INFO L290 TraceCheckUtils]: 0: Hoare triple {8726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,839 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,839 INFO L290 TraceCheckUtils]: 2: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,839 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8637#true} {8638#false} #1651#return; {8638#false} is VALID [2022-02-20 18:03:10,839 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:03:10,840 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,842 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} ~handle := #in~handle;havoc ~retValue_acc~8; {8637#true} is VALID [2022-02-20 18:03:10,842 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {8637#true} is VALID [2022-02-20 18:03:10,842 INFO L290 TraceCheckUtils]: 2: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,842 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8637#true} {8638#false} #1653#return; {8638#false} is VALID [2022-02-20 18:03:10,842 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 18:03:10,844 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,846 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:10,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {8637#true} is VALID [2022-02-20 18:03:10,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,848 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8637#true} {8637#true} #1797#return; {8637#true} is VALID [2022-02-20 18:03:10,849 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {8637#true} is VALID [2022-02-20 18:03:10,849 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8637#true} is VALID [2022-02-20 18:03:10,849 INFO L272 TraceCheckUtils]: 2: Hoare triple {8637#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {8637#true} is VALID [2022-02-20 18:03:10,849 INFO L290 TraceCheckUtils]: 3: Hoare triple {8637#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {8637#true} is VALID [2022-02-20 18:03:10,849 INFO L290 TraceCheckUtils]: 4: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,849 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8637#true} {8637#true} #1797#return; {8637#true} is VALID [2022-02-20 18:03:10,849 INFO L290 TraceCheckUtils]: 6: Hoare triple {8637#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {8637#true} is VALID [2022-02-20 18:03:10,850 INFO L290 TraceCheckUtils]: 7: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,850 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {8637#true} {8638#false} #1587#return; {8638#false} is VALID [2022-02-20 18:03:10,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {8637#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {8637#true} is VALID [2022-02-20 18:03:10,850 INFO L290 TraceCheckUtils]: 1: Hoare triple {8637#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8637#true} is VALID [2022-02-20 18:03:10,850 INFO L290 TraceCheckUtils]: 2: Hoare triple {8637#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {8637#true} is VALID [2022-02-20 18:03:10,850 INFO L272 TraceCheckUtils]: 3: Hoare triple {8637#true} call select_features_#t~ret92#1 := select_one(); {8637#true} is VALID [2022-02-20 18:03:10,850 INFO L290 TraceCheckUtils]: 4: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,851 INFO L290 TraceCheckUtils]: 5: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,851 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8637#true} {8637#true} #1721#return; {8637#true} is VALID [2022-02-20 18:03:10,851 INFO L290 TraceCheckUtils]: 7: Hoare triple {8637#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {8637#true} is VALID [2022-02-20 18:03:10,851 INFO L272 TraceCheckUtils]: 8: Hoare triple {8637#true} call select_features_#t~ret93#1 := select_one(); {8637#true} is VALID [2022-02-20 18:03:10,851 INFO L290 TraceCheckUtils]: 9: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,851 INFO L290 TraceCheckUtils]: 10: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,852 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8637#true} {8637#true} #1723#return; {8637#true} is VALID [2022-02-20 18:03:10,852 INFO L290 TraceCheckUtils]: 12: Hoare triple {8637#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {8637#true} is VALID [2022-02-20 18:03:10,852 INFO L272 TraceCheckUtils]: 13: Hoare triple {8637#true} call select_features_#t~ret94#1 := select_one(); {8637#true} is VALID [2022-02-20 18:03:10,852 INFO L290 TraceCheckUtils]: 14: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,852 INFO L290 TraceCheckUtils]: 15: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,852 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8637#true} {8637#true} #1725#return; {8637#true} is VALID [2022-02-20 18:03:10,852 INFO L290 TraceCheckUtils]: 17: Hoare triple {8637#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {8637#true} is VALID [2022-02-20 18:03:10,852 INFO L272 TraceCheckUtils]: 18: Hoare triple {8637#true} call select_features_#t~ret95#1 := select_one(); {8637#true} is VALID [2022-02-20 18:03:10,853 INFO L290 TraceCheckUtils]: 19: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,853 INFO L290 TraceCheckUtils]: 20: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,853 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8637#true} {8637#true} #1727#return; {8637#true} is VALID [2022-02-20 18:03:10,853 INFO L290 TraceCheckUtils]: 22: Hoare triple {8637#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {8637#true} is VALID [2022-02-20 18:03:10,853 INFO L272 TraceCheckUtils]: 23: Hoare triple {8637#true} call select_features_#t~ret96#1 := select_one(); {8637#true} is VALID [2022-02-20 18:03:10,853 INFO L290 TraceCheckUtils]: 24: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,853 INFO L290 TraceCheckUtils]: 25: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,853 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8637#true} {8637#true} #1729#return; {8637#true} is VALID [2022-02-20 18:03:10,854 INFO L290 TraceCheckUtils]: 27: Hoare triple {8637#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {8637#true} is VALID [2022-02-20 18:03:10,854 INFO L272 TraceCheckUtils]: 28: Hoare triple {8637#true} call select_features_#t~ret97#1 := select_one(); {8637#true} is VALID [2022-02-20 18:03:10,855 INFO L290 TraceCheckUtils]: 29: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,855 INFO L290 TraceCheckUtils]: 30: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,855 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8637#true} {8637#true} #1731#return; {8637#true} is VALID [2022-02-20 18:03:10,855 INFO L290 TraceCheckUtils]: 32: Hoare triple {8637#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {8637#true} is VALID [2022-02-20 18:03:10,855 INFO L272 TraceCheckUtils]: 33: Hoare triple {8637#true} call select_features_#t~ret98#1 := select_one(); {8637#true} is VALID [2022-02-20 18:03:10,855 INFO L290 TraceCheckUtils]: 34: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,855 INFO L290 TraceCheckUtils]: 35: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,856 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8637#true} {8637#true} #1733#return; {8637#true} is VALID [2022-02-20 18:03:10,856 INFO L290 TraceCheckUtils]: 37: Hoare triple {8637#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,856 INFO L272 TraceCheckUtils]: 38: Hoare triple {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} call select_features_#t~ret99#1 := select_one(); {8637#true} is VALID [2022-02-20 18:03:10,856 INFO L290 TraceCheckUtils]: 39: Hoare triple {8637#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {8637#true} is VALID [2022-02-20 18:03:10,856 INFO L290 TraceCheckUtils]: 40: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,857 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8637#true} {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} #1735#return; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,857 INFO L290 TraceCheckUtils]: 42: Hoare triple {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,857 INFO L290 TraceCheckUtils]: 43: Hoare triple {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,858 INFO L290 TraceCheckUtils]: 44: Hoare triple {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,858 INFO L290 TraceCheckUtils]: 45: Hoare triple {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,858 INFO L290 TraceCheckUtils]: 46: Hoare triple {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,859 INFO L290 TraceCheckUtils]: 47: Hoare triple {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} is VALID [2022-02-20 18:03:10,859 INFO L290 TraceCheckUtils]: 48: Hoare triple {8660#(= ~__SELECTED_FEATURE_Verify~0 1)} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8638#false} is VALID [2022-02-20 18:03:10,859 INFO L290 TraceCheckUtils]: 49: Hoare triple {8638#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8638#false} is VALID [2022-02-20 18:03:10,859 INFO L290 TraceCheckUtils]: 50: Hoare triple {8638#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {8638#false} is VALID [2022-02-20 18:03:10,859 INFO L290 TraceCheckUtils]: 51: Hoare triple {8638#false} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {8638#false} is VALID [2022-02-20 18:03:10,859 INFO L290 TraceCheckUtils]: 52: Hoare triple {8638#false} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {8638#false} is VALID [2022-02-20 18:03:10,860 INFO L290 TraceCheckUtils]: 53: Hoare triple {8638#false} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8638#false} is VALID [2022-02-20 18:03:10,860 INFO L290 TraceCheckUtils]: 54: Hoare triple {8638#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8638#false} is VALID [2022-02-20 18:03:10,860 INFO L272 TraceCheckUtils]: 55: Hoare triple {8638#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,860 INFO L290 TraceCheckUtils]: 56: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8637#true} is VALID [2022-02-20 18:03:10,861 INFO L272 TraceCheckUtils]: 57: Hoare triple {8637#true} call setClientId(~bob___0, ~bob___0); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,861 INFO L290 TraceCheckUtils]: 58: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,861 INFO L290 TraceCheckUtils]: 59: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,861 INFO L290 TraceCheckUtils]: 60: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,862 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8637#true} {8637#true} #1719#return; {8637#true} is VALID [2022-02-20 18:03:10,862 INFO L290 TraceCheckUtils]: 62: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,862 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8637#true} {8638#false} #1741#return; {8638#false} is VALID [2022-02-20 18:03:10,862 INFO L290 TraceCheckUtils]: 64: Hoare triple {8638#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8638#false} is VALID [2022-02-20 18:03:10,862 INFO L290 TraceCheckUtils]: 65: Hoare triple {8638#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8638#false} is VALID [2022-02-20 18:03:10,862 INFO L272 TraceCheckUtils]: 66: Hoare triple {8638#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,862 INFO L290 TraceCheckUtils]: 67: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8637#true} is VALID [2022-02-20 18:03:10,863 INFO L272 TraceCheckUtils]: 68: Hoare triple {8637#true} call setClientId(~rjh___0, ~rjh___0); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,863 INFO L290 TraceCheckUtils]: 69: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,863 INFO L290 TraceCheckUtils]: 70: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,865 INFO L290 TraceCheckUtils]: 71: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,866 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8637#true} {8637#true} #1671#return; {8637#true} is VALID [2022-02-20 18:03:10,867 INFO L290 TraceCheckUtils]: 73: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,867 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8637#true} {8638#false} #1747#return; {8638#false} is VALID [2022-02-20 18:03:10,868 INFO L290 TraceCheckUtils]: 75: Hoare triple {8638#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8638#false} is VALID [2022-02-20 18:03:10,868 INFO L290 TraceCheckUtils]: 76: Hoare triple {8638#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8638#false} is VALID [2022-02-20 18:03:10,868 INFO L272 TraceCheckUtils]: 77: Hoare triple {8638#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,868 INFO L290 TraceCheckUtils]: 78: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8637#true} is VALID [2022-02-20 18:03:10,869 INFO L272 TraceCheckUtils]: 79: Hoare triple {8637#true} call setClientId(~chuck___0, ~chuck___0); {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,869 INFO L290 TraceCheckUtils]: 80: Hoare triple {8713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,869 INFO L290 TraceCheckUtils]: 81: Hoare triple {8637#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,869 INFO L290 TraceCheckUtils]: 82: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,869 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8637#true} {8637#true} #1617#return; {8637#true} is VALID [2022-02-20 18:03:10,869 INFO L290 TraceCheckUtils]: 84: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,869 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8637#true} {8638#false} #1753#return; {8638#false} is VALID [2022-02-20 18:03:10,869 INFO L290 TraceCheckUtils]: 86: Hoare triple {8638#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {8638#false} is VALID [2022-02-20 18:03:10,870 INFO L290 TraceCheckUtils]: 87: Hoare triple {8638#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8638#false} is VALID [2022-02-20 18:03:10,870 INFO L290 TraceCheckUtils]: 88: Hoare triple {8638#false} assume !false; {8638#false} is VALID [2022-02-20 18:03:10,870 INFO L290 TraceCheckUtils]: 89: Hoare triple {8638#false} assume !(test_~splverifierCounter~0#1 < 4); {8638#false} is VALID [2022-02-20 18:03:10,870 INFO L290 TraceCheckUtils]: 90: Hoare triple {8638#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {8638#false} is VALID [2022-02-20 18:03:10,870 INFO L272 TraceCheckUtils]: 91: Hoare triple {8638#false} call sendEmail(~bob~0, ~rjh~0); {8638#false} is VALID [2022-02-20 18:03:10,871 INFO L290 TraceCheckUtils]: 92: Hoare triple {8638#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8638#false} is VALID [2022-02-20 18:03:10,871 INFO L272 TraceCheckUtils]: 93: Hoare triple {8638#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:10,873 INFO L290 TraceCheckUtils]: 94: Hoare triple {8726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,873 INFO L290 TraceCheckUtils]: 95: Hoare triple {8637#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,873 INFO L290 TraceCheckUtils]: 96: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,873 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8637#true} {8638#false} #1639#return; {8638#false} is VALID [2022-02-20 18:03:10,874 INFO L272 TraceCheckUtils]: 98: Hoare triple {8638#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8727#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:10,874 INFO L290 TraceCheckUtils]: 99: Hoare triple {8727#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,874 INFO L290 TraceCheckUtils]: 100: Hoare triple {8637#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,874 INFO L290 TraceCheckUtils]: 101: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,874 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8637#true} {8638#false} #1641#return; {8638#false} is VALID [2022-02-20 18:03:10,874 INFO L290 TraceCheckUtils]: 103: Hoare triple {8638#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {8638#false} is VALID [2022-02-20 18:03:10,874 INFO L290 TraceCheckUtils]: 104: Hoare triple {8638#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {8638#false} is VALID [2022-02-20 18:03:10,874 INFO L272 TraceCheckUtils]: 105: Hoare triple {8638#false} call outgoing(~sender#1, ~email~0#1); {8638#false} is VALID [2022-02-20 18:03:10,875 INFO L290 TraceCheckUtils]: 106: Hoare triple {8638#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8638#false} is VALID [2022-02-20 18:03:10,875 INFO L290 TraceCheckUtils]: 107: Hoare triple {8638#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8638#false} is VALID [2022-02-20 18:03:10,875 INFO L272 TraceCheckUtils]: 108: Hoare triple {8638#false} call outgoing__before__Sign(~client#1, ~msg#1); {8638#false} is VALID [2022-02-20 18:03:10,875 INFO L290 TraceCheckUtils]: 109: Hoare triple {8638#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8638#false} is VALID [2022-02-20 18:03:10,875 INFO L290 TraceCheckUtils]: 110: Hoare triple {8638#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8638#false} is VALID [2022-02-20 18:03:10,875 INFO L272 TraceCheckUtils]: 111: Hoare triple {8638#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8638#false} is VALID [2022-02-20 18:03:10,875 INFO L290 TraceCheckUtils]: 112: Hoare triple {8638#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8638#false} is VALID [2022-02-20 18:03:10,875 INFO L290 TraceCheckUtils]: 113: Hoare triple {8638#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8638#false} is VALID [2022-02-20 18:03:10,876 INFO L272 TraceCheckUtils]: 114: Hoare triple {8638#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8638#false} is VALID [2022-02-20 18:03:10,876 INFO L290 TraceCheckUtils]: 115: Hoare triple {8638#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {8638#false} is VALID [2022-02-20 18:03:10,876 INFO L290 TraceCheckUtils]: 116: Hoare triple {8638#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {8638#false} is VALID [2022-02-20 18:03:10,876 INFO L290 TraceCheckUtils]: 117: Hoare triple {8638#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {8638#false} is VALID [2022-02-20 18:03:10,876 INFO L272 TraceCheckUtils]: 118: Hoare triple {8638#false} call setEmailFrom(~msg#1, ~tmp~1#1); {8726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:10,876 INFO L290 TraceCheckUtils]: 119: Hoare triple {8726#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8637#true} is VALID [2022-02-20 18:03:10,876 INFO L290 TraceCheckUtils]: 120: Hoare triple {8637#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8637#true} is VALID [2022-02-20 18:03:10,876 INFO L290 TraceCheckUtils]: 121: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,876 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8637#true} {8638#false} #1651#return; {8638#false} is VALID [2022-02-20 18:03:10,877 INFO L290 TraceCheckUtils]: 123: Hoare triple {8638#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {8638#false} is VALID [2022-02-20 18:03:10,877 INFO L272 TraceCheckUtils]: 124: Hoare triple {8638#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {8637#true} is VALID [2022-02-20 18:03:10,877 INFO L290 TraceCheckUtils]: 125: Hoare triple {8637#true} ~handle := #in~handle;havoc ~retValue_acc~8; {8637#true} is VALID [2022-02-20 18:03:10,877 INFO L290 TraceCheckUtils]: 126: Hoare triple {8637#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {8637#true} is VALID [2022-02-20 18:03:10,877 INFO L290 TraceCheckUtils]: 127: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,877 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {8637#true} {8638#false} #1653#return; {8638#false} is VALID [2022-02-20 18:03:10,877 INFO L290 TraceCheckUtils]: 129: Hoare triple {8638#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {8638#false} is VALID [2022-02-20 18:03:10,877 INFO L290 TraceCheckUtils]: 130: Hoare triple {8638#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {8638#false} is VALID [2022-02-20 18:03:10,878 INFO L272 TraceCheckUtils]: 131: Hoare triple {8638#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {8638#false} is VALID [2022-02-20 18:03:10,878 INFO L290 TraceCheckUtils]: 132: Hoare triple {8638#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8638#false} is VALID [2022-02-20 18:03:10,878 INFO L290 TraceCheckUtils]: 133: Hoare triple {8638#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {8638#false} is VALID [2022-02-20 18:03:10,878 INFO L272 TraceCheckUtils]: 134: Hoare triple {8638#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {8637#true} is VALID [2022-02-20 18:03:10,878 INFO L290 TraceCheckUtils]: 135: Hoare triple {8637#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {8637#true} is VALID [2022-02-20 18:03:10,878 INFO L290 TraceCheckUtils]: 136: Hoare triple {8637#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8637#true} is VALID [2022-02-20 18:03:10,878 INFO L272 TraceCheckUtils]: 137: Hoare triple {8637#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {8637#true} is VALID [2022-02-20 18:03:10,878 INFO L290 TraceCheckUtils]: 138: Hoare triple {8637#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {8637#true} is VALID [2022-02-20 18:03:10,879 INFO L290 TraceCheckUtils]: 139: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,879 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {8637#true} {8637#true} #1797#return; {8637#true} is VALID [2022-02-20 18:03:10,879 INFO L290 TraceCheckUtils]: 141: Hoare triple {8637#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {8637#true} is VALID [2022-02-20 18:03:10,879 INFO L290 TraceCheckUtils]: 142: Hoare triple {8637#true} assume true; {8637#true} is VALID [2022-02-20 18:03:10,879 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {8637#true} {8638#false} #1587#return; {8638#false} is VALID [2022-02-20 18:03:10,879 INFO L290 TraceCheckUtils]: 144: Hoare triple {8638#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {8638#false} is VALID [2022-02-20 18:03:10,879 INFO L290 TraceCheckUtils]: 145: Hoare triple {8638#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {8638#false} is VALID [2022-02-20 18:03:10,879 INFO L290 TraceCheckUtils]: 146: Hoare triple {8638#false} assume !false; {8638#false} is VALID [2022-02-20 18:03:10,880 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:03:10,880 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:10,881 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [769387137] [2022-02-20 18:03:10,881 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [769387137] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:10,881 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:10,881 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:03:10,882 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1081931060] [2022-02-20 18:03:10,882 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:10,883 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) Word has length 147 [2022-02-20 18:03:10,884 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:10,884 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:03:10,963 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:10,964 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:03:10,964 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:10,964 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:03:10,964 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:03:10,965 INFO L87 Difference]: Start difference. First operand 593 states and 875 transitions. Second operand has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:03:15,778 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:15,779 INFO L93 Difference]: Finished difference Result 1285 states and 1949 transitions. [2022-02-20 18:03:15,779 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:03:15,779 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) Word has length 147 [2022-02-20 18:03:15,780 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:15,780 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:03:15,801 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1949 transitions. [2022-02-20 18:03:15,802 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:03:15,823 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1949 transitions. [2022-02-20 18:03:15,823 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1949 transitions. [2022-02-20 18:03:17,467 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1949 edges. 1949 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:17,492 INFO L225 Difference]: With dead ends: 1285 [2022-02-20 18:03:17,493 INFO L226 Difference]: Without dead ends: 725 [2022-02-20 18:03:17,494 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:17,495 INFO L933 BasicCegarLoop]: 875 mSDtfsCounter, 2064 mSDsluCounter, 678 mSDsCounter, 0 mSdLazyCounter, 494 mSolverCounterSat, 835 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2092 SdHoareTripleChecker+Valid, 1553 SdHoareTripleChecker+Invalid, 1329 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 835 IncrementalHoareTripleChecker+Valid, 494 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:17,495 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2092 Valid, 1553 Invalid, 1329 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [835 Valid, 494 Invalid, 0 Unknown, 0 Unchecked, 1.9s Time] [2022-02-20 18:03:17,496 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 725 states. [2022-02-20 18:03:17,511 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 725 to 594. [2022-02-20 18:03:17,511 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:17,513 INFO L82 GeneralOperation]: Start isEquivalent. First operand 725 states. Second operand has 594 states, 442 states have (on average 1.4864253393665159) internal successors, (657), 459 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:03:17,514 INFO L74 IsIncluded]: Start isIncluded. First operand 725 states. Second operand has 594 states, 442 states have (on average 1.4864253393665159) internal successors, (657), 459 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:03:17,515 INFO L87 Difference]: Start difference. First operand 725 states. Second operand has 594 states, 442 states have (on average 1.4864253393665159) internal successors, (657), 459 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:03:17,534 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:17,535 INFO L93 Difference]: Finished difference Result 725 states and 1093 transitions. [2022-02-20 18:03:17,535 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1093 transitions. [2022-02-20 18:03:17,537 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:17,537 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:17,538 INFO L74 IsIncluded]: Start isIncluded. First operand has 594 states, 442 states have (on average 1.4864253393665159) internal successors, (657), 459 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) Second operand 725 states. [2022-02-20 18:03:17,539 INFO L87 Difference]: Start difference. First operand has 594 states, 442 states have (on average 1.4864253393665159) internal successors, (657), 459 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) Second operand 725 states. [2022-02-20 18:03:17,559 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:17,560 INFO L93 Difference]: Finished difference Result 725 states and 1093 transitions. [2022-02-20 18:03:17,560 INFO L276 IsEmpty]: Start isEmpty. Operand 725 states and 1093 transitions. [2022-02-20 18:03:17,562 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:17,562 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:17,562 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:17,562 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:17,564 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 442 states have (on average 1.4864253393665159) internal successors, (657), 459 states have internal predecessors, (657), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:03:17,582 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 870 transitions. [2022-02-20 18:03:17,582 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 870 transitions. Word has length 147 [2022-02-20 18:03:17,582 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:17,582 INFO L470 AbstractCegarLoop]: Abstraction has 594 states and 870 transitions. [2022-02-20 18:03:17,583 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.0) internal successors, (78), 3 states have internal predecessors, (78), 3 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 3 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:03:17,583 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 870 transitions. [2022-02-20 18:03:17,585 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 149 [2022-02-20 18:03:17,585 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:17,585 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:17,585 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:03:17,585 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:17,586 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:17,586 INFO L85 PathProgramCache]: Analyzing trace with hash 1201992432, now seen corresponding path program 1 times [2022-02-20 18:03:17,586 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:17,586 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1107272974] [2022-02-20 18:03:17,586 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:17,586 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:17,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:17,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,684 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1721#return; {12802#true} is VALID [2022-02-20 18:03:17,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:17,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,688 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1723#return; {12802#true} is VALID [2022-02-20 18:03:17,688 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:17,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,706 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1725#return; {12802#true} is VALID [2022-02-20 18:03:17,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:17,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,710 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1727#return; {12802#true} is VALID [2022-02-20 18:03:17,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:17,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,713 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1729#return; {12802#true} is VALID [2022-02-20 18:03:17,714 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:17,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,717 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1731#return; {12802#true} is VALID [2022-02-20 18:03:17,717 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:17,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,736 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1733#return; {12802#true} is VALID [2022-02-20 18:03:17,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:17,738 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,740 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1735#return; {12802#true} is VALID [2022-02-20 18:03:17,745 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:03:17,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:17,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,749 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,750 INFO L290 TraceCheckUtils]: 2: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,750 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12802#true} {12802#true} #1719#return; {12802#true} is VALID [2022-02-20 18:03:17,750 INFO L290 TraceCheckUtils]: 0: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12802#true} is VALID [2022-02-20 18:03:17,751 INFO L272 TraceCheckUtils]: 1: Hoare triple {12802#true} call setClientId(~bob___0, ~bob___0); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,751 INFO L290 TraceCheckUtils]: 2: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,751 INFO L290 TraceCheckUtils]: 3: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,751 INFO L290 TraceCheckUtils]: 4: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,752 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12802#true} {12802#true} #1719#return; {12802#true} is VALID [2022-02-20 18:03:17,752 INFO L290 TraceCheckUtils]: 6: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,752 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12802#true} {12803#false} #1741#return; {12803#false} is VALID [2022-02-20 18:03:17,752 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:03:17,754 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:17,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,769 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12802#true} {12802#true} #1671#return; {12802#true} is VALID [2022-02-20 18:03:17,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12802#true} is VALID [2022-02-20 18:03:17,770 INFO L272 TraceCheckUtils]: 1: Hoare triple {12802#true} call setClientId(~rjh___0, ~rjh___0); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,770 INFO L290 TraceCheckUtils]: 2: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,770 INFO L290 TraceCheckUtils]: 3: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,770 INFO L290 TraceCheckUtils]: 4: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,770 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12802#true} {12802#true} #1671#return; {12802#true} is VALID [2022-02-20 18:03:17,770 INFO L290 TraceCheckUtils]: 6: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,770 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12802#true} {12803#false} #1747#return; {12803#false} is VALID [2022-02-20 18:03:17,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:03:17,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:17,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,776 INFO L290 TraceCheckUtils]: 0: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,776 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12802#true} {12802#true} #1617#return; {12802#true} is VALID [2022-02-20 18:03:17,776 INFO L290 TraceCheckUtils]: 0: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12802#true} is VALID [2022-02-20 18:03:17,777 INFO L272 TraceCheckUtils]: 1: Hoare triple {12802#true} call setClientId(~chuck___0, ~chuck___0); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,777 INFO L290 TraceCheckUtils]: 2: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,777 INFO L290 TraceCheckUtils]: 3: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,777 INFO L290 TraceCheckUtils]: 4: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,777 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12802#true} {12802#true} #1617#return; {12802#true} is VALID [2022-02-20 18:03:17,777 INFO L290 TraceCheckUtils]: 6: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,777 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12802#true} {12803#false} #1753#return; {12803#false} is VALID [2022-02-20 18:03:17,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:03:17,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,783 INFO L290 TraceCheckUtils]: 0: Hoare triple {12891#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,783 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,783 INFO L290 TraceCheckUtils]: 2: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,783 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12802#true} {12803#false} #1639#return; {12803#false} is VALID [2022-02-20 18:03:17,802 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:03:17,803 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,805 INFO L290 TraceCheckUtils]: 0: Hoare triple {12892#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,805 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,805 INFO L290 TraceCheckUtils]: 2: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,805 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12802#true} {12803#false} #1641#return; {12803#false} is VALID [2022-02-20 18:03:17,805 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:03:17,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,807 INFO L290 TraceCheckUtils]: 0: Hoare triple {12891#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,807 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,807 INFO L290 TraceCheckUtils]: 2: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,807 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12802#true} {12803#false} #1651#return; {12803#false} is VALID [2022-02-20 18:03:17,807 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:03:17,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,809 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} ~handle := #in~handle;havoc ~retValue_acc~8; {12802#true} is VALID [2022-02-20 18:03:17,809 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {12802#true} is VALID [2022-02-20 18:03:17,809 INFO L290 TraceCheckUtils]: 2: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,809 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12802#true} {12803#false} #1653#return; {12803#false} is VALID [2022-02-20 18:03:17,809 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:03:17,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,812 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:17,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,813 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12802#true} {12802#true} #1797#return; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L272 TraceCheckUtils]: 2: Hoare triple {12802#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L290 TraceCheckUtils]: 3: Hoare triple {12802#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L290 TraceCheckUtils]: 4: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12802#true} {12802#true} #1797#return; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L290 TraceCheckUtils]: 6: Hoare triple {12802#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L290 TraceCheckUtils]: 7: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,814 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {12802#true} {12803#false} #1587#return; {12803#false} is VALID [2022-02-20 18:03:17,814 INFO L290 TraceCheckUtils]: 0: Hoare triple {12802#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L290 TraceCheckUtils]: 1: Hoare triple {12802#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L290 TraceCheckUtils]: 2: Hoare triple {12802#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L272 TraceCheckUtils]: 3: Hoare triple {12802#true} call select_features_#t~ret92#1 := select_one(); {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L290 TraceCheckUtils]: 4: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L290 TraceCheckUtils]: 5: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12802#true} {12802#true} #1721#return; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L290 TraceCheckUtils]: 7: Hoare triple {12802#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L272 TraceCheckUtils]: 8: Hoare triple {12802#true} call select_features_#t~ret93#1 := select_one(); {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L290 TraceCheckUtils]: 9: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L290 TraceCheckUtils]: 10: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,817 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {12802#true} {12802#true} #1723#return; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 12: Hoare triple {12802#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L272 TraceCheckUtils]: 13: Hoare triple {12802#true} call select_features_#t~ret94#1 := select_one(); {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 14: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 15: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12802#true} {12802#true} #1725#return; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 17: Hoare triple {12802#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L272 TraceCheckUtils]: 18: Hoare triple {12802#true} call select_features_#t~ret95#1 := select_one(); {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 19: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 20: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12802#true} {12802#true} #1727#return; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 22: Hoare triple {12802#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L272 TraceCheckUtils]: 23: Hoare triple {12802#true} call select_features_#t~ret96#1 := select_one(); {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 24: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 25: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {12802#true} {12802#true} #1729#return; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L290 TraceCheckUtils]: 27: Hoare triple {12802#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {12802#true} is VALID [2022-02-20 18:03:17,818 INFO L272 TraceCheckUtils]: 28: Hoare triple {12802#true} call select_features_#t~ret97#1 := select_one(); {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 29: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 30: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {12802#true} {12802#true} #1731#return; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 32: Hoare triple {12802#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L272 TraceCheckUtils]: 33: Hoare triple {12802#true} call select_features_#t~ret98#1 := select_one(); {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 34: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 35: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12802#true} {12802#true} #1733#return; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 37: Hoare triple {12802#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L272 TraceCheckUtils]: 38: Hoare triple {12802#true} call select_features_#t~ret99#1 := select_one(); {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 39: Hoare triple {12802#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 40: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12802#true} {12802#true} #1735#return; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 42: Hoare triple {12802#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 43: Hoare triple {12802#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 44: Hoare triple {12802#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12802#true} is VALID [2022-02-20 18:03:17,819 INFO L290 TraceCheckUtils]: 45: Hoare triple {12802#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {12802#true} is VALID [2022-02-20 18:03:17,820 INFO L290 TraceCheckUtils]: 46: Hoare triple {12802#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {12802#true} is VALID [2022-02-20 18:03:17,820 INFO L290 TraceCheckUtils]: 47: Hoare triple {12802#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12828#(= ~__SELECTED_FEATURE_Sign~0 0)} is VALID [2022-02-20 18:03:17,820 INFO L290 TraceCheckUtils]: 48: Hoare triple {12828#(= ~__SELECTED_FEATURE_Sign~0 0)} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {12828#(= ~__SELECTED_FEATURE_Sign~0 0)} is VALID [2022-02-20 18:03:17,820 INFO L290 TraceCheckUtils]: 49: Hoare triple {12828#(= ~__SELECTED_FEATURE_Sign~0 0)} assume 0 != ~__SELECTED_FEATURE_Sign~0; {12803#false} is VALID [2022-02-20 18:03:17,820 INFO L290 TraceCheckUtils]: 50: Hoare triple {12803#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12803#false} is VALID [2022-02-20 18:03:17,821 INFO L290 TraceCheckUtils]: 51: Hoare triple {12803#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {12803#false} is VALID [2022-02-20 18:03:17,821 INFO L290 TraceCheckUtils]: 52: Hoare triple {12803#false} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {12803#false} is VALID [2022-02-20 18:03:17,821 INFO L290 TraceCheckUtils]: 53: Hoare triple {12803#false} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {12803#false} is VALID [2022-02-20 18:03:17,821 INFO L290 TraceCheckUtils]: 54: Hoare triple {12803#false} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {12803#false} is VALID [2022-02-20 18:03:17,821 INFO L290 TraceCheckUtils]: 55: Hoare triple {12803#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12803#false} is VALID [2022-02-20 18:03:17,821 INFO L272 TraceCheckUtils]: 56: Hoare triple {12803#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,821 INFO L290 TraceCheckUtils]: 57: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12802#true} is VALID [2022-02-20 18:03:17,821 INFO L272 TraceCheckUtils]: 58: Hoare triple {12802#true} call setClientId(~bob___0, ~bob___0); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,821 INFO L290 TraceCheckUtils]: 59: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,822 INFO L290 TraceCheckUtils]: 60: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,822 INFO L290 TraceCheckUtils]: 61: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,822 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {12802#true} {12802#true} #1719#return; {12802#true} is VALID [2022-02-20 18:03:17,822 INFO L290 TraceCheckUtils]: 63: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,822 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {12802#true} {12803#false} #1741#return; {12803#false} is VALID [2022-02-20 18:03:17,822 INFO L290 TraceCheckUtils]: 65: Hoare triple {12803#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {12803#false} is VALID [2022-02-20 18:03:17,822 INFO L290 TraceCheckUtils]: 66: Hoare triple {12803#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12803#false} is VALID [2022-02-20 18:03:17,822 INFO L272 TraceCheckUtils]: 67: Hoare triple {12803#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,822 INFO L290 TraceCheckUtils]: 68: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12802#true} is VALID [2022-02-20 18:03:17,823 INFO L272 TraceCheckUtils]: 69: Hoare triple {12802#true} call setClientId(~rjh___0, ~rjh___0); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,823 INFO L290 TraceCheckUtils]: 70: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,823 INFO L290 TraceCheckUtils]: 71: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,823 INFO L290 TraceCheckUtils]: 72: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,823 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {12802#true} {12802#true} #1671#return; {12802#true} is VALID [2022-02-20 18:03:17,823 INFO L290 TraceCheckUtils]: 74: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,823 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {12802#true} {12803#false} #1747#return; {12803#false} is VALID [2022-02-20 18:03:17,823 INFO L290 TraceCheckUtils]: 76: Hoare triple {12803#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {12803#false} is VALID [2022-02-20 18:03:17,823 INFO L290 TraceCheckUtils]: 77: Hoare triple {12803#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12803#false} is VALID [2022-02-20 18:03:17,823 INFO L272 TraceCheckUtils]: 78: Hoare triple {12803#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,823 INFO L290 TraceCheckUtils]: 79: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12802#true} is VALID [2022-02-20 18:03:17,824 INFO L272 TraceCheckUtils]: 80: Hoare triple {12802#true} call setClientId(~chuck___0, ~chuck___0); {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 81: Hoare triple {12878#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 82: Hoare triple {12802#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 83: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,824 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {12802#true} {12802#true} #1617#return; {12802#true} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 85: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,824 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {12802#true} {12803#false} #1753#return; {12803#false} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 87: Hoare triple {12803#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {12803#false} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 88: Hoare triple {12803#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12803#false} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 89: Hoare triple {12803#false} assume !false; {12803#false} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 90: Hoare triple {12803#false} assume !(test_~splverifierCounter~0#1 < 4); {12803#false} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 91: Hoare triple {12803#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {12803#false} is VALID [2022-02-20 18:03:17,824 INFO L272 TraceCheckUtils]: 92: Hoare triple {12803#false} call sendEmail(~bob~0, ~rjh~0); {12803#false} is VALID [2022-02-20 18:03:17,824 INFO L290 TraceCheckUtils]: 93: Hoare triple {12803#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12803#false} is VALID [2022-02-20 18:03:17,824 INFO L272 TraceCheckUtils]: 94: Hoare triple {12803#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12891#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 95: Hoare triple {12891#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 96: Hoare triple {12802#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 97: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,825 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {12802#true} {12803#false} #1639#return; {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L272 TraceCheckUtils]: 99: Hoare triple {12803#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12892#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 100: Hoare triple {12892#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 101: Hoare triple {12802#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 102: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,825 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {12802#true} {12803#false} #1641#return; {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 104: Hoare triple {12803#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 105: Hoare triple {12803#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L272 TraceCheckUtils]: 106: Hoare triple {12803#false} call outgoing(~sender#1, ~email~0#1); {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 107: Hoare triple {12803#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 108: Hoare triple {12803#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L272 TraceCheckUtils]: 109: Hoare triple {12803#false} call outgoing__before__Sign(~client#1, ~msg#1); {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 110: Hoare triple {12803#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12803#false} is VALID [2022-02-20 18:03:17,825 INFO L290 TraceCheckUtils]: 111: Hoare triple {12803#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L272 TraceCheckUtils]: 112: Hoare triple {12803#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 113: Hoare triple {12803#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 114: Hoare triple {12803#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L272 TraceCheckUtils]: 115: Hoare triple {12803#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 116: Hoare triple {12803#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 117: Hoare triple {12803#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 118: Hoare triple {12803#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L272 TraceCheckUtils]: 119: Hoare triple {12803#false} call setEmailFrom(~msg#1, ~tmp~1#1); {12891#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 120: Hoare triple {12891#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12802#true} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 121: Hoare triple {12802#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12802#true} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 122: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,826 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {12802#true} {12803#false} #1651#return; {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 124: Hoare triple {12803#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {12803#false} is VALID [2022-02-20 18:03:17,826 INFO L272 TraceCheckUtils]: 125: Hoare triple {12803#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {12802#true} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 126: Hoare triple {12802#true} ~handle := #in~handle;havoc ~retValue_acc~8; {12802#true} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 127: Hoare triple {12802#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {12802#true} is VALID [2022-02-20 18:03:17,826 INFO L290 TraceCheckUtils]: 128: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {12802#true} {12803#false} #1653#return; {12803#false} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 130: Hoare triple {12803#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {12803#false} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 131: Hoare triple {12803#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {12803#false} is VALID [2022-02-20 18:03:17,827 INFO L272 TraceCheckUtils]: 132: Hoare triple {12803#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {12803#false} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 133: Hoare triple {12803#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12803#false} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 134: Hoare triple {12803#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {12803#false} is VALID [2022-02-20 18:03:17,827 INFO L272 TraceCheckUtils]: 135: Hoare triple {12803#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 136: Hoare triple {12802#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 137: Hoare triple {12802#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L272 TraceCheckUtils]: 138: Hoare triple {12802#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 139: Hoare triple {12802#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 140: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {12802#true} {12802#true} #1797#return; {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 142: Hoare triple {12802#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 143: Hoare triple {12802#true} assume true; {12802#true} is VALID [2022-02-20 18:03:17,827 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {12802#true} {12803#false} #1587#return; {12803#false} is VALID [2022-02-20 18:03:17,827 INFO L290 TraceCheckUtils]: 145: Hoare triple {12803#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {12803#false} is VALID [2022-02-20 18:03:17,828 INFO L290 TraceCheckUtils]: 146: Hoare triple {12803#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {12803#false} is VALID [2022-02-20 18:03:17,828 INFO L290 TraceCheckUtils]: 147: Hoare triple {12803#false} assume !false; {12803#false} is VALID [2022-02-20 18:03:17,828 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:03:17,828 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:17,828 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1107272974] [2022-02-20 18:03:17,828 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1107272974] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:17,828 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:17,828 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:03:17,828 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [679346698] [2022-02-20 18:03:17,828 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:17,829 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 148 [2022-02-20 18:03:17,829 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:17,829 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:03:17,959 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 125 edges. 125 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:17,960 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:03:17,960 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:17,960 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:03:17,960 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:03:17,960 INFO L87 Difference]: Start difference. First operand 594 states and 870 transitions. Second operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:03:28,266 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:28,266 INFO L93 Difference]: Finished difference Result 1956 states and 3033 transitions. [2022-02-20 18:03:28,266 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-02-20 18:03:28,267 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 148 [2022-02-20 18:03:28,267 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:28,268 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:03:28,305 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 3031 transitions. [2022-02-20 18:03:28,306 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:03:28,342 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 3031 transitions. [2022-02-20 18:03:28,342 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states and 3031 transitions. [2022-02-20 18:03:31,050 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 3031 edges. 3031 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:31,135 INFO L225 Difference]: With dead ends: 1956 [2022-02-20 18:03:31,135 INFO L226 Difference]: Without dead ends: 1396 [2022-02-20 18:03:31,137 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 60 GetRequests, 47 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 36 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=67, Invalid=143, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:03:31,137 INFO L933 BasicCegarLoop]: 919 mSDtfsCounter, 3292 mSDsluCounter, 909 mSDsCounter, 0 mSdLazyCounter, 1642 mSolverCounterSat, 1451 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3333 SdHoareTripleChecker+Valid, 1828 SdHoareTripleChecker+Invalid, 3093 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1451 IncrementalHoareTripleChecker+Valid, 1642 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:31,138 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [3333 Valid, 1828 Invalid, 3093 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1451 Valid, 1642 Invalid, 0 Unknown, 0 Unchecked, 4.5s Time] [2022-02-20 18:03:31,139 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1396 states. [2022-02-20 18:03:31,175 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1396 to 1132. [2022-02-20 18:03:31,175 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:31,177 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1396 states. Second operand has 1132 states, 845 states have (on average 1.493491124260355) internal successors, (1262), 875 states have internal predecessors, (1262), 199 states have call successors, (199), 87 states have call predecessors, (199), 87 states have return successors, (210), 196 states have call predecessors, (210), 197 states have call successors, (210) [2022-02-20 18:03:31,180 INFO L74 IsIncluded]: Start isIncluded. First operand 1396 states. Second operand has 1132 states, 845 states have (on average 1.493491124260355) internal successors, (1262), 875 states have internal predecessors, (1262), 199 states have call successors, (199), 87 states have call predecessors, (199), 87 states have return successors, (210), 196 states have call predecessors, (210), 197 states have call successors, (210) [2022-02-20 18:03:31,182 INFO L87 Difference]: Start difference. First operand 1396 states. Second operand has 1132 states, 845 states have (on average 1.493491124260355) internal successors, (1262), 875 states have internal predecessors, (1262), 199 states have call successors, (199), 87 states have call predecessors, (199), 87 states have return successors, (210), 196 states have call predecessors, (210), 197 states have call successors, (210) [2022-02-20 18:03:31,278 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:31,278 INFO L93 Difference]: Finished difference Result 1396 states and 2175 transitions. [2022-02-20 18:03:31,278 INFO L276 IsEmpty]: Start isEmpty. Operand 1396 states and 2175 transitions. [2022-02-20 18:03:31,283 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:31,283 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:31,286 INFO L74 IsIncluded]: Start isIncluded. First operand has 1132 states, 845 states have (on average 1.493491124260355) internal successors, (1262), 875 states have internal predecessors, (1262), 199 states have call successors, (199), 87 states have call predecessors, (199), 87 states have return successors, (210), 196 states have call predecessors, (210), 197 states have call successors, (210) Second operand 1396 states. [2022-02-20 18:03:31,300 INFO L87 Difference]: Start difference. First operand has 1132 states, 845 states have (on average 1.493491124260355) internal successors, (1262), 875 states have internal predecessors, (1262), 199 states have call successors, (199), 87 states have call predecessors, (199), 87 states have return successors, (210), 196 states have call predecessors, (210), 197 states have call successors, (210) Second operand 1396 states. [2022-02-20 18:03:31,360 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:31,361 INFO L93 Difference]: Finished difference Result 1396 states and 2175 transitions. [2022-02-20 18:03:31,361 INFO L276 IsEmpty]: Start isEmpty. Operand 1396 states and 2175 transitions. [2022-02-20 18:03:31,365 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:31,365 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:31,365 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:31,366 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:31,369 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1132 states, 845 states have (on average 1.493491124260355) internal successors, (1262), 875 states have internal predecessors, (1262), 199 states have call successors, (199), 87 states have call predecessors, (199), 87 states have return successors, (210), 196 states have call predecessors, (210), 197 states have call successors, (210) [2022-02-20 18:03:31,423 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1132 states to 1132 states and 1671 transitions. [2022-02-20 18:03:31,423 INFO L78 Accepts]: Start accepts. Automaton has 1132 states and 1671 transitions. Word has length 148 [2022-02-20 18:03:31,423 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:31,424 INFO L470 AbstractCegarLoop]: Abstraction has 1132 states and 1671 transitions. [2022-02-20 18:03:31,424 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.166666666666666) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (26), 5 states have call predecessors, (26), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:03:31,424 INFO L276 IsEmpty]: Start isEmpty. Operand 1132 states and 1671 transitions. [2022-02-20 18:03:31,427 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 157 [2022-02-20 18:03:31,427 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:31,427 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:31,427 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:03:31,427 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:31,428 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:31,428 INFO L85 PathProgramCache]: Analyzing trace with hash -1923519357, now seen corresponding path program 1 times [2022-02-20 18:03:31,428 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:31,429 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2096678864] [2022-02-20 18:03:31,429 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:31,429 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:31,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,507 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:31,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,511 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,511 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,511 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1721#return; {19984#true} is VALID [2022-02-20 18:03:31,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:31,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,515 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,515 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1723#return; {19984#true} is VALID [2022-02-20 18:03:31,515 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:31,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,518 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1725#return; {19984#true} is VALID [2022-02-20 18:03:31,519 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:31,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,521 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,521 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,521 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1727#return; {19984#true} is VALID [2022-02-20 18:03:31,521 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:31,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,524 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,524 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1729#return; {19984#true} is VALID [2022-02-20 18:03:31,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:31,526 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,528 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1731#return; {19984#true} is VALID [2022-02-20 18:03:31,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:31,529 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,530 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,531 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,531 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1733#return; {19984#true} is VALID [2022-02-20 18:03:31,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:31,532 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,534 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,534 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,534 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1735#return; {19984#true} is VALID [2022-02-20 18:03:31,538 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:03:31,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,541 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:31,541 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,543 INFO L290 TraceCheckUtils]: 0: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,543 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,543 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,544 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19984#true} {19984#true} #1719#return; {19984#true} is VALID [2022-02-20 18:03:31,544 INFO L290 TraceCheckUtils]: 0: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {19984#true} is VALID [2022-02-20 18:03:31,544 INFO L272 TraceCheckUtils]: 1: Hoare triple {19984#true} call setClientId(~bob___0, ~bob___0); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,544 INFO L290 TraceCheckUtils]: 2: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,545 INFO L290 TraceCheckUtils]: 3: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,545 INFO L290 TraceCheckUtils]: 4: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,545 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19984#true} {19984#true} #1719#return; {19984#true} is VALID [2022-02-20 18:03:31,545 INFO L290 TraceCheckUtils]: 6: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,545 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {19984#true} {19985#false} #1741#return; {19985#false} is VALID [2022-02-20 18:03:31,545 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:03:31,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:31,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,550 INFO L290 TraceCheckUtils]: 0: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,550 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,550 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,550 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19984#true} {19984#true} #1671#return; {19984#true} is VALID [2022-02-20 18:03:31,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {19984#true} is VALID [2022-02-20 18:03:31,551 INFO L272 TraceCheckUtils]: 1: Hoare triple {19984#true} call setClientId(~rjh___0, ~rjh___0); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,551 INFO L290 TraceCheckUtils]: 2: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,551 INFO L290 TraceCheckUtils]: 3: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,551 INFO L290 TraceCheckUtils]: 4: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,552 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19984#true} {19984#true} #1671#return; {19984#true} is VALID [2022-02-20 18:03:31,552 INFO L290 TraceCheckUtils]: 6: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,552 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {19984#true} {19985#false} #1747#return; {19985#false} is VALID [2022-02-20 18:03:31,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:03:31,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,556 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:31,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,558 INFO L290 TraceCheckUtils]: 0: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,558 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,558 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,558 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19984#true} {19984#true} #1617#return; {19984#true} is VALID [2022-02-20 18:03:31,558 INFO L290 TraceCheckUtils]: 0: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {19984#true} is VALID [2022-02-20 18:03:31,559 INFO L272 TraceCheckUtils]: 1: Hoare triple {19984#true} call setClientId(~chuck___0, ~chuck___0); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,559 INFO L290 TraceCheckUtils]: 2: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,559 INFO L290 TraceCheckUtils]: 3: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,559 INFO L290 TraceCheckUtils]: 4: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,559 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19984#true} {19984#true} #1617#return; {19984#true} is VALID [2022-02-20 18:03:31,559 INFO L290 TraceCheckUtils]: 6: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,559 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {19984#true} {19985#false} #1753#return; {19985#false} is VALID [2022-02-20 18:03:31,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:03:31,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,567 INFO L290 TraceCheckUtils]: 0: Hoare triple {20077#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,567 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,567 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,567 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19984#true} {19985#false} #1639#return; {19985#false} is VALID [2022-02-20 18:03:31,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:03:31,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {20078#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,574 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,574 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19984#true} {19985#false} #1641#return; {19985#false} is VALID [2022-02-20 18:03:31,574 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:03:31,575 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {20077#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,579 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,579 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19984#true} {19985#false} #1651#return; {19985#false} is VALID [2022-02-20 18:03:31,579 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:03:31,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} ~handle := #in~handle;havoc ~retValue_acc~8; {19984#true} is VALID [2022-02-20 18:03:31,581 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {19984#true} is VALID [2022-02-20 18:03:31,581 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,581 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19984#true} {19985#false} #1653#return; {19985#false} is VALID [2022-02-20 18:03:31,581 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 18:03:31,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,583 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} ~handle := #in~handle;havoc ~retValue_acc~31; {19984#true} is VALID [2022-02-20 18:03:31,583 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {19984#true} is VALID [2022-02-20 18:03:31,583 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,584 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19984#true} {19985#false} #1655#return; {19985#false} is VALID [2022-02-20 18:03:31,584 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 18:03:31,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,587 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:31,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:31,589 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {19984#true} is VALID [2022-02-20 18:03:31,589 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,589 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19984#true} {19984#true} #1797#return; {19984#true} is VALID [2022-02-20 18:03:31,589 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {19984#true} is VALID [2022-02-20 18:03:31,589 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {19984#true} is VALID [2022-02-20 18:03:31,589 INFO L272 TraceCheckUtils]: 2: Hoare triple {19984#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {19984#true} is VALID [2022-02-20 18:03:31,589 INFO L290 TraceCheckUtils]: 3: Hoare triple {19984#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {19984#true} is VALID [2022-02-20 18:03:31,589 INFO L290 TraceCheckUtils]: 4: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,590 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19984#true} {19984#true} #1797#return; {19984#true} is VALID [2022-02-20 18:03:31,590 INFO L290 TraceCheckUtils]: 6: Hoare triple {19984#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {19984#true} is VALID [2022-02-20 18:03:31,590 INFO L290 TraceCheckUtils]: 7: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,590 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {19984#true} {19985#false} #1587#return; {19985#false} is VALID [2022-02-20 18:03:31,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {19984#true} is VALID [2022-02-20 18:03:31,591 INFO L290 TraceCheckUtils]: 1: Hoare triple {19984#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {19984#true} is VALID [2022-02-20 18:03:31,591 INFO L290 TraceCheckUtils]: 2: Hoare triple {19984#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {19984#true} is VALID [2022-02-20 18:03:31,591 INFO L272 TraceCheckUtils]: 3: Hoare triple {19984#true} call select_features_#t~ret92#1 := select_one(); {19984#true} is VALID [2022-02-20 18:03:31,591 INFO L290 TraceCheckUtils]: 4: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,591 INFO L290 TraceCheckUtils]: 5: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,591 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {19984#true} {19984#true} #1721#return; {19984#true} is VALID [2022-02-20 18:03:31,592 INFO L290 TraceCheckUtils]: 7: Hoare triple {19984#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {19984#true} is VALID [2022-02-20 18:03:31,592 INFO L272 TraceCheckUtils]: 8: Hoare triple {19984#true} call select_features_#t~ret93#1 := select_one(); {19984#true} is VALID [2022-02-20 18:03:31,592 INFO L290 TraceCheckUtils]: 9: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,592 INFO L290 TraceCheckUtils]: 10: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,592 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {19984#true} {19984#true} #1723#return; {19984#true} is VALID [2022-02-20 18:03:31,592 INFO L290 TraceCheckUtils]: 12: Hoare triple {19984#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {19984#true} is VALID [2022-02-20 18:03:31,592 INFO L272 TraceCheckUtils]: 13: Hoare triple {19984#true} call select_features_#t~ret94#1 := select_one(); {19984#true} is VALID [2022-02-20 18:03:31,592 INFO L290 TraceCheckUtils]: 14: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L290 TraceCheckUtils]: 15: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19984#true} {19984#true} #1725#return; {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L290 TraceCheckUtils]: 17: Hoare triple {19984#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L272 TraceCheckUtils]: 18: Hoare triple {19984#true} call select_features_#t~ret95#1 := select_one(); {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L290 TraceCheckUtils]: 19: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L290 TraceCheckUtils]: 20: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {19984#true} {19984#true} #1727#return; {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L290 TraceCheckUtils]: 22: Hoare triple {19984#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {19984#true} is VALID [2022-02-20 18:03:31,593 INFO L272 TraceCheckUtils]: 23: Hoare triple {19984#true} call select_features_#t~ret96#1 := select_one(); {19984#true} is VALID [2022-02-20 18:03:31,594 INFO L290 TraceCheckUtils]: 24: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,594 INFO L290 TraceCheckUtils]: 25: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,594 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {19984#true} {19984#true} #1729#return; {19984#true} is VALID [2022-02-20 18:03:31,594 INFO L290 TraceCheckUtils]: 27: Hoare triple {19984#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {19984#true} is VALID [2022-02-20 18:03:31,594 INFO L272 TraceCheckUtils]: 28: Hoare triple {19984#true} call select_features_#t~ret97#1 := select_one(); {19984#true} is VALID [2022-02-20 18:03:31,594 INFO L290 TraceCheckUtils]: 29: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,594 INFO L290 TraceCheckUtils]: 30: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,594 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {19984#true} {19984#true} #1731#return; {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L290 TraceCheckUtils]: 32: Hoare triple {19984#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L272 TraceCheckUtils]: 33: Hoare triple {19984#true} call select_features_#t~ret98#1 := select_one(); {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L290 TraceCheckUtils]: 34: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L290 TraceCheckUtils]: 35: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {19984#true} {19984#true} #1733#return; {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L290 TraceCheckUtils]: 37: Hoare triple {19984#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L272 TraceCheckUtils]: 38: Hoare triple {19984#true} call select_features_#t~ret99#1 := select_one(); {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L290 TraceCheckUtils]: 39: Hoare triple {19984#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {19984#true} is VALID [2022-02-20 18:03:31,595 INFO L290 TraceCheckUtils]: 40: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,596 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {19984#true} {19984#true} #1735#return; {19984#true} is VALID [2022-02-20 18:03:31,596 INFO L290 TraceCheckUtils]: 42: Hoare triple {19984#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {19984#true} is VALID [2022-02-20 18:03:31,596 INFO L290 TraceCheckUtils]: 43: Hoare triple {19984#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {19984#true} is VALID [2022-02-20 18:03:31,596 INFO L290 TraceCheckUtils]: 44: Hoare triple {19984#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {19984#true} is VALID [2022-02-20 18:03:31,596 INFO L290 TraceCheckUtils]: 45: Hoare triple {19984#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {19984#true} is VALID [2022-02-20 18:03:31,596 INFO L290 TraceCheckUtils]: 46: Hoare triple {19984#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {19984#true} is VALID [2022-02-20 18:03:31,597 INFO L290 TraceCheckUtils]: 47: Hoare triple {19984#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {20010#(not (= ~__SELECTED_FEATURE_Sign~0 0))} is VALID [2022-02-20 18:03:31,597 INFO L290 TraceCheckUtils]: 48: Hoare triple {20010#(not (= ~__SELECTED_FEATURE_Sign~0 0))} assume 0 != ~__SELECTED_FEATURE_Verify~0; {20010#(not (= ~__SELECTED_FEATURE_Sign~0 0))} is VALID [2022-02-20 18:03:31,599 INFO L290 TraceCheckUtils]: 49: Hoare triple {20010#(not (= ~__SELECTED_FEATURE_Sign~0 0))} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {20010#(not (= ~__SELECTED_FEATURE_Sign~0 0))} is VALID [2022-02-20 18:03:31,599 INFO L290 TraceCheckUtils]: 50: Hoare triple {20010#(not (= ~__SELECTED_FEATURE_Sign~0 0))} assume 0 != ~__SELECTED_FEATURE_Sign~0; {20010#(not (= ~__SELECTED_FEATURE_Sign~0 0))} is VALID [2022-02-20 18:03:31,599 INFO L290 TraceCheckUtils]: 51: Hoare triple {20010#(not (= ~__SELECTED_FEATURE_Sign~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {19985#false} is VALID [2022-02-20 18:03:31,599 INFO L290 TraceCheckUtils]: 52: Hoare triple {19985#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {19985#false} is VALID [2022-02-20 18:03:31,599 INFO L290 TraceCheckUtils]: 53: Hoare triple {19985#false} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {19985#false} is VALID [2022-02-20 18:03:31,599 INFO L290 TraceCheckUtils]: 54: Hoare triple {19985#false} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {19985#false} is VALID [2022-02-20 18:03:31,600 INFO L290 TraceCheckUtils]: 55: Hoare triple {19985#false} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {19985#false} is VALID [2022-02-20 18:03:31,600 INFO L290 TraceCheckUtils]: 56: Hoare triple {19985#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19985#false} is VALID [2022-02-20 18:03:31,600 INFO L272 TraceCheckUtils]: 57: Hoare triple {19985#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,600 INFO L290 TraceCheckUtils]: 58: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {19984#true} is VALID [2022-02-20 18:03:31,601 INFO L272 TraceCheckUtils]: 59: Hoare triple {19984#true} call setClientId(~bob___0, ~bob___0); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,601 INFO L290 TraceCheckUtils]: 60: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,601 INFO L290 TraceCheckUtils]: 61: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,601 INFO L290 TraceCheckUtils]: 62: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,601 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {19984#true} {19984#true} #1719#return; {19984#true} is VALID [2022-02-20 18:03:31,601 INFO L290 TraceCheckUtils]: 64: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,601 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {19984#true} {19985#false} #1741#return; {19985#false} is VALID [2022-02-20 18:03:31,601 INFO L290 TraceCheckUtils]: 66: Hoare triple {19985#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {19985#false} is VALID [2022-02-20 18:03:31,602 INFO L290 TraceCheckUtils]: 67: Hoare triple {19985#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19985#false} is VALID [2022-02-20 18:03:31,602 INFO L272 TraceCheckUtils]: 68: Hoare triple {19985#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,602 INFO L290 TraceCheckUtils]: 69: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {19984#true} is VALID [2022-02-20 18:03:31,602 INFO L272 TraceCheckUtils]: 70: Hoare triple {19984#true} call setClientId(~rjh___0, ~rjh___0); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,602 INFO L290 TraceCheckUtils]: 71: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,603 INFO L290 TraceCheckUtils]: 72: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,603 INFO L290 TraceCheckUtils]: 73: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,603 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {19984#true} {19984#true} #1671#return; {19984#true} is VALID [2022-02-20 18:03:31,603 INFO L290 TraceCheckUtils]: 75: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,603 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {19984#true} {19985#false} #1747#return; {19985#false} is VALID [2022-02-20 18:03:31,603 INFO L290 TraceCheckUtils]: 77: Hoare triple {19985#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {19985#false} is VALID [2022-02-20 18:03:31,603 INFO L290 TraceCheckUtils]: 78: Hoare triple {19985#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {19985#false} is VALID [2022-02-20 18:03:31,603 INFO L272 TraceCheckUtils]: 79: Hoare triple {19985#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,603 INFO L290 TraceCheckUtils]: 80: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {19984#true} is VALID [2022-02-20 18:03:31,604 INFO L272 TraceCheckUtils]: 81: Hoare triple {19984#true} call setClientId(~chuck___0, ~chuck___0); {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:31,604 INFO L290 TraceCheckUtils]: 82: Hoare triple {20064#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,604 INFO L290 TraceCheckUtils]: 83: Hoare triple {19984#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,604 INFO L290 TraceCheckUtils]: 84: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,605 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {19984#true} {19984#true} #1617#return; {19984#true} is VALID [2022-02-20 18:03:31,605 INFO L290 TraceCheckUtils]: 86: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,605 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {19984#true} {19985#false} #1753#return; {19985#false} is VALID [2022-02-20 18:03:31,605 INFO L290 TraceCheckUtils]: 88: Hoare triple {19985#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {19985#false} is VALID [2022-02-20 18:03:31,605 INFO L290 TraceCheckUtils]: 89: Hoare triple {19985#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19985#false} is VALID [2022-02-20 18:03:31,605 INFO L290 TraceCheckUtils]: 90: Hoare triple {19985#false} assume !false; {19985#false} is VALID [2022-02-20 18:03:31,605 INFO L290 TraceCheckUtils]: 91: Hoare triple {19985#false} assume !(test_~splverifierCounter~0#1 < 4); {19985#false} is VALID [2022-02-20 18:03:31,605 INFO L290 TraceCheckUtils]: 92: Hoare triple {19985#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {19985#false} is VALID [2022-02-20 18:03:31,606 INFO L272 TraceCheckUtils]: 93: Hoare triple {19985#false} call sendEmail(~bob~0, ~rjh~0); {19985#false} is VALID [2022-02-20 18:03:31,606 INFO L290 TraceCheckUtils]: 94: Hoare triple {19985#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19985#false} is VALID [2022-02-20 18:03:31,606 INFO L272 TraceCheckUtils]: 95: Hoare triple {19985#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20077#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:31,606 INFO L290 TraceCheckUtils]: 96: Hoare triple {20077#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,606 INFO L290 TraceCheckUtils]: 97: Hoare triple {19984#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,606 INFO L290 TraceCheckUtils]: 98: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,606 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {19984#true} {19985#false} #1639#return; {19985#false} is VALID [2022-02-20 18:03:31,606 INFO L272 TraceCheckUtils]: 100: Hoare triple {19985#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {20078#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:31,606 INFO L290 TraceCheckUtils]: 101: Hoare triple {20078#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,607 INFO L290 TraceCheckUtils]: 102: Hoare triple {19984#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,607 INFO L290 TraceCheckUtils]: 103: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,607 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {19984#true} {19985#false} #1641#return; {19985#false} is VALID [2022-02-20 18:03:31,607 INFO L290 TraceCheckUtils]: 105: Hoare triple {19985#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {19985#false} is VALID [2022-02-20 18:03:31,607 INFO L290 TraceCheckUtils]: 106: Hoare triple {19985#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {19985#false} is VALID [2022-02-20 18:03:31,607 INFO L272 TraceCheckUtils]: 107: Hoare triple {19985#false} call outgoing(~sender#1, ~email~0#1); {19985#false} is VALID [2022-02-20 18:03:31,607 INFO L290 TraceCheckUtils]: 108: Hoare triple {19985#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19985#false} is VALID [2022-02-20 18:03:31,607 INFO L290 TraceCheckUtils]: 109: Hoare triple {19985#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L272 TraceCheckUtils]: 110: Hoare triple {19985#false} call outgoing__before__Sign(~client#1, ~msg#1); {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L290 TraceCheckUtils]: 111: Hoare triple {19985#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L290 TraceCheckUtils]: 112: Hoare triple {19985#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L272 TraceCheckUtils]: 113: Hoare triple {19985#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L290 TraceCheckUtils]: 114: Hoare triple {19985#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L290 TraceCheckUtils]: 115: Hoare triple {19985#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L272 TraceCheckUtils]: 116: Hoare triple {19985#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L290 TraceCheckUtils]: 117: Hoare triple {19985#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {19985#false} is VALID [2022-02-20 18:03:31,608 INFO L290 TraceCheckUtils]: 118: Hoare triple {19985#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {19985#false} is VALID [2022-02-20 18:03:31,609 INFO L290 TraceCheckUtils]: 119: Hoare triple {19985#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {19985#false} is VALID [2022-02-20 18:03:31,609 INFO L272 TraceCheckUtils]: 120: Hoare triple {19985#false} call setEmailFrom(~msg#1, ~tmp~1#1); {20077#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:31,609 INFO L290 TraceCheckUtils]: 121: Hoare triple {20077#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19984#true} is VALID [2022-02-20 18:03:31,609 INFO L290 TraceCheckUtils]: 122: Hoare triple {19984#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19984#true} is VALID [2022-02-20 18:03:31,609 INFO L290 TraceCheckUtils]: 123: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,609 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {19984#true} {19985#false} #1651#return; {19985#false} is VALID [2022-02-20 18:03:31,609 INFO L290 TraceCheckUtils]: 125: Hoare triple {19985#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {19985#false} is VALID [2022-02-20 18:03:31,609 INFO L272 TraceCheckUtils]: 126: Hoare triple {19985#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {19984#true} is VALID [2022-02-20 18:03:31,610 INFO L290 TraceCheckUtils]: 127: Hoare triple {19984#true} ~handle := #in~handle;havoc ~retValue_acc~8; {19984#true} is VALID [2022-02-20 18:03:31,610 INFO L290 TraceCheckUtils]: 128: Hoare triple {19984#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {19984#true} is VALID [2022-02-20 18:03:31,610 INFO L290 TraceCheckUtils]: 129: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,610 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {19984#true} {19985#false} #1653#return; {19985#false} is VALID [2022-02-20 18:03:31,610 INFO L290 TraceCheckUtils]: 131: Hoare triple {19985#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {19985#false} is VALID [2022-02-20 18:03:31,610 INFO L290 TraceCheckUtils]: 132: Hoare triple {19985#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret18#1, incoming__role__Decrypt_#t~ret19#1, incoming__role__Decrypt_#t~ret20#1, incoming__role__Decrypt_#t~ret21#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~6#1, incoming__role__Decrypt_~tmp___0~2#1, incoming__role__Decrypt_~tmp___1~1#1, incoming__role__Decrypt_~tmp___2~1#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~6#1;havoc incoming__role__Decrypt_~tmp___0~2#1;havoc incoming__role__Decrypt_~tmp___1~1#1;havoc incoming__role__Decrypt_~tmp___2~1#1; {19985#false} is VALID [2022-02-20 18:03:31,610 INFO L272 TraceCheckUtils]: 133: Hoare triple {19985#false} call incoming__role__Decrypt_#t~ret18#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {19984#true} is VALID [2022-02-20 18:03:31,610 INFO L290 TraceCheckUtils]: 134: Hoare triple {19984#true} ~handle := #in~handle;havoc ~retValue_acc~31; {19984#true} is VALID [2022-02-20 18:03:31,610 INFO L290 TraceCheckUtils]: 135: Hoare triple {19984#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {19984#true} is VALID [2022-02-20 18:03:31,611 INFO L290 TraceCheckUtils]: 136: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,611 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {19984#true} {19985#false} #1655#return; {19985#false} is VALID [2022-02-20 18:03:31,611 INFO L290 TraceCheckUtils]: 138: Hoare triple {19985#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret18#1 && incoming__role__Decrypt_#t~ret18#1 <= 2147483647;incoming__role__Decrypt_~tmp~6#1 := incoming__role__Decrypt_#t~ret18#1;havoc incoming__role__Decrypt_#t~ret18#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~6#1; {19985#false} is VALID [2022-02-20 18:03:31,611 INFO L290 TraceCheckUtils]: 139: Hoare triple {19985#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {19985#false} is VALID [2022-02-20 18:03:31,611 INFO L272 TraceCheckUtils]: 140: Hoare triple {19985#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {19985#false} is VALID [2022-02-20 18:03:31,611 INFO L290 TraceCheckUtils]: 141: Hoare triple {19985#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {19985#false} is VALID [2022-02-20 18:03:31,611 INFO L290 TraceCheckUtils]: 142: Hoare triple {19985#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {19985#false} is VALID [2022-02-20 18:03:31,611 INFO L272 TraceCheckUtils]: 143: Hoare triple {19985#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L290 TraceCheckUtils]: 144: Hoare triple {19984#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L290 TraceCheckUtils]: 145: Hoare triple {19984#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L272 TraceCheckUtils]: 146: Hoare triple {19984#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L290 TraceCheckUtils]: 147: Hoare triple {19984#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L290 TraceCheckUtils]: 148: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {19984#true} {19984#true} #1797#return; {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L290 TraceCheckUtils]: 150: Hoare triple {19984#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L290 TraceCheckUtils]: 151: Hoare triple {19984#true} assume true; {19984#true} is VALID [2022-02-20 18:03:31,612 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {19984#true} {19985#false} #1587#return; {19985#false} is VALID [2022-02-20 18:03:31,613 INFO L290 TraceCheckUtils]: 153: Hoare triple {19985#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {19985#false} is VALID [2022-02-20 18:03:31,613 INFO L290 TraceCheckUtils]: 154: Hoare triple {19985#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {19985#false} is VALID [2022-02-20 18:03:31,613 INFO L290 TraceCheckUtils]: 155: Hoare triple {19985#false} assume !false; {19985#false} is VALID [2022-02-20 18:03:31,613 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:03:31,613 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:31,613 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2096678864] [2022-02-20 18:03:31,614 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2096678864] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:31,614 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:31,614 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:03:31,614 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1841048902] [2022-02-20 18:03:31,615 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:31,616 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 156 [2022-02-20 18:03:31,616 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:31,616 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:31,714 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 133 edges. 133 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:31,714 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:03:31,714 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:31,715 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:03:31,715 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:03:31,715 INFO L87 Difference]: Start difference. First operand 1132 states and 1671 transitions. Second operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:35,787 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:35,787 INFO L93 Difference]: Finished difference Result 1265 states and 1902 transitions. [2022-02-20 18:03:35,787 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:03:35,787 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 156 [2022-02-20 18:03:35,788 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:35,788 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:35,806 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1898 transitions. [2022-02-20 18:03:35,806 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:35,824 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1898 transitions. [2022-02-20 18:03:35,824 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1898 transitions. [2022-02-20 18:03:37,392 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1898 edges. 1898 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:37,416 INFO L225 Difference]: With dead ends: 1265 [2022-02-20 18:03:37,416 INFO L226 Difference]: Without dead ends: 726 [2022-02-20 18:03:37,417 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:37,418 INFO L933 BasicCegarLoop]: 877 mSDtfsCounter, 2002 mSDsluCounter, 684 mSDsCounter, 0 mSdLazyCounter, 508 mSolverCounterSat, 793 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2029 SdHoareTripleChecker+Valid, 1561 SdHoareTripleChecker+Invalid, 1301 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 793 IncrementalHoareTripleChecker+Valid, 508 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:37,418 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2029 Valid, 1561 Invalid, 1301 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [793 Valid, 508 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-02-20 18:03:37,419 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 726 states. [2022-02-20 18:03:37,434 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 726 to 595. [2022-02-20 18:03:37,435 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:37,436 INFO L82 GeneralOperation]: Start isEquivalent. First operand 726 states. Second operand has 595 states, 444 states have (on average 1.4752252252252251) internal successors, (655), 459 states have internal predecessors, (655), 105 states have call successors, (105), 45 states have call predecessors, (105), 45 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:03:37,436 INFO L74 IsIncluded]: Start isIncluded. First operand 726 states. Second operand has 595 states, 444 states have (on average 1.4752252252252251) internal successors, (655), 459 states have internal predecessors, (655), 105 states have call successors, (105), 45 states have call predecessors, (105), 45 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:03:37,437 INFO L87 Difference]: Start difference. First operand 726 states. Second operand has 595 states, 444 states have (on average 1.4752252252252251) internal successors, (655), 459 states have internal predecessors, (655), 105 states have call successors, (105), 45 states have call predecessors, (105), 45 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:03:37,455 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:37,455 INFO L93 Difference]: Finished difference Result 726 states and 1084 transitions. [2022-02-20 18:03:37,456 INFO L276 IsEmpty]: Start isEmpty. Operand 726 states and 1084 transitions. [2022-02-20 18:03:37,457 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:37,457 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:37,458 INFO L74 IsIncluded]: Start isIncluded. First operand has 595 states, 444 states have (on average 1.4752252252252251) internal successors, (655), 459 states have internal predecessors, (655), 105 states have call successors, (105), 45 states have call predecessors, (105), 45 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 726 states. [2022-02-20 18:03:37,459 INFO L87 Difference]: Start difference. First operand has 595 states, 444 states have (on average 1.4752252252252251) internal successors, (655), 459 states have internal predecessors, (655), 105 states have call successors, (105), 45 states have call predecessors, (105), 45 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) Second operand 726 states. [2022-02-20 18:03:37,477 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:37,478 INFO L93 Difference]: Finished difference Result 726 states and 1084 transitions. [2022-02-20 18:03:37,478 INFO L276 IsEmpty]: Start isEmpty. Operand 726 states and 1084 transitions. [2022-02-20 18:03:37,480 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:37,480 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:37,480 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:37,480 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:37,481 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 595 states, 444 states have (on average 1.4752252252252251) internal successors, (655), 459 states have internal predecessors, (655), 105 states have call successors, (105), 45 states have call predecessors, (105), 45 states have return successors, (104), 103 states have call predecessors, (104), 104 states have call successors, (104) [2022-02-20 18:03:37,497 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 595 states to 595 states and 864 transitions. [2022-02-20 18:03:37,498 INFO L78 Accepts]: Start accepts. Automaton has 595 states and 864 transitions. Word has length 156 [2022-02-20 18:03:37,498 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:37,498 INFO L470 AbstractCegarLoop]: Abstraction has 595 states and 864 transitions. [2022-02-20 18:03:37,498 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.166666666666666) internal successors, (85), 3 states have internal predecessors, (85), 2 states have call successors, (27), 5 states have call predecessors, (27), 1 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 18:03:37,498 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 864 transitions. [2022-02-20 18:03:37,500 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 166 [2022-02-20 18:03:37,500 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:37,500 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:37,500 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:03:37,501 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:37,501 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:37,501 INFO L85 PathProgramCache]: Analyzing trace with hash 1342249904, now seen corresponding path program 1 times [2022-02-20 18:03:37,501 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:37,501 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1897556921] [2022-02-20 18:03:37,501 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:37,502 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:37,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:37,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,570 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,571 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1721#return; {24122#true} is VALID [2022-02-20 18:03:37,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:37,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,575 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1723#return; {24122#true} is VALID [2022-02-20 18:03:37,575 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:37,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,577 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,578 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1725#return; {24122#true} is VALID [2022-02-20 18:03:37,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:37,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,584 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,584 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,584 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1727#return; {24122#true} is VALID [2022-02-20 18:03:37,584 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:37,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,588 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,588 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,588 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1729#return; {24122#true} is VALID [2022-02-20 18:03:37,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:37,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,594 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1731#return; {24122#true} is VALID [2022-02-20 18:03:37,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:37,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,599 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,599 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1733#return; {24122#true} is VALID [2022-02-20 18:03:37,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:37,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,602 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,602 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,602 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1735#return; {24122#true} is VALID [2022-02-20 18:03:37,608 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:03:37,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:37,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,616 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24122#true} #1719#return; {24122#true} is VALID [2022-02-20 18:03:37,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {24122#true} is VALID [2022-02-20 18:03:37,616 INFO L272 TraceCheckUtils]: 1: Hoare triple {24122#true} call setClientId(~bob___0, ~bob___0); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,617 INFO L290 TraceCheckUtils]: 3: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,617 INFO L290 TraceCheckUtils]: 4: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,617 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24122#true} {24122#true} #1719#return; {24122#true} is VALID [2022-02-20 18:03:37,617 INFO L290 TraceCheckUtils]: 6: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,617 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {24122#true} {24123#false} #1741#return; {24123#false} is VALID [2022-02-20 18:03:37,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:03:37,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:37,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,626 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,626 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24122#true} #1671#return; {24122#true} is VALID [2022-02-20 18:03:37,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {24122#true} is VALID [2022-02-20 18:03:37,627 INFO L272 TraceCheckUtils]: 1: Hoare triple {24122#true} call setClientId(~rjh___0, ~rjh___0); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,627 INFO L290 TraceCheckUtils]: 3: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,627 INFO L290 TraceCheckUtils]: 4: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,627 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24122#true} {24122#true} #1671#return; {24122#true} is VALID [2022-02-20 18:03:37,627 INFO L290 TraceCheckUtils]: 6: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,627 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {24122#true} {24123#false} #1747#return; {24123#false} is VALID [2022-02-20 18:03:37,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:03:37,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:37,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,635 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,635 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,635 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24122#true} #1617#return; {24122#true} is VALID [2022-02-20 18:03:37,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {24122#true} is VALID [2022-02-20 18:03:37,636 INFO L272 TraceCheckUtils]: 1: Hoare triple {24122#true} call setClientId(~chuck___0, ~chuck___0); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,636 INFO L290 TraceCheckUtils]: 3: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,636 INFO L290 TraceCheckUtils]: 4: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,636 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24122#true} {24122#true} #1617#return; {24122#true} is VALID [2022-02-20 18:03:37,636 INFO L290 TraceCheckUtils]: 6: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,637 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {24122#true} {24123#false} #1753#return; {24123#false} is VALID [2022-02-20 18:03:37,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:03:37,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {24219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,644 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,644 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24123#false} #1639#return; {24123#false} is VALID [2022-02-20 18:03:37,649 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:03:37,650 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {24220#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,652 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,652 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,652 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24123#false} #1641#return; {24123#false} is VALID [2022-02-20 18:03:37,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:03:37,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} ~handle := #in~handle;havoc ~retValue_acc~31; {24122#true} is VALID [2022-02-20 18:03:37,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {24122#true} is VALID [2022-02-20 18:03:37,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,656 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24123#false} #1581#return; {24123#false} is VALID [2022-02-20 18:03:37,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:03:37,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {24219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,658 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,658 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,658 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24123#false} #1651#return; {24123#false} is VALID [2022-02-20 18:03:37,659 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:03:37,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} ~handle := #in~handle;havoc ~retValue_acc~8; {24122#true} is VALID [2022-02-20 18:03:37,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {24122#true} is VALID [2022-02-20 18:03:37,662 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,662 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24123#false} #1653#return; {24123#false} is VALID [2022-02-20 18:03:37,662 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 18:03:37,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} ~handle := #in~handle;havoc ~retValue_acc~31; {24122#true} is VALID [2022-02-20 18:03:37,668 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {24122#true} is VALID [2022-02-20 18:03:37,668 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,668 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24122#true} {24123#false} #1655#return; {24123#false} is VALID [2022-02-20 18:03:37,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 152 [2022-02-20 18:03:37,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,671 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:37,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:37,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {24122#true} is VALID [2022-02-20 18:03:37,673 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,673 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24122#true} {24122#true} #1797#return; {24122#true} is VALID [2022-02-20 18:03:37,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {24122#true} is VALID [2022-02-20 18:03:37,673 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {24122#true} is VALID [2022-02-20 18:03:37,674 INFO L272 TraceCheckUtils]: 2: Hoare triple {24122#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {24122#true} is VALID [2022-02-20 18:03:37,674 INFO L290 TraceCheckUtils]: 3: Hoare triple {24122#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {24122#true} is VALID [2022-02-20 18:03:37,674 INFO L290 TraceCheckUtils]: 4: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,674 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24122#true} {24122#true} #1797#return; {24122#true} is VALID [2022-02-20 18:03:37,674 INFO L290 TraceCheckUtils]: 6: Hoare triple {24122#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {24122#true} is VALID [2022-02-20 18:03:37,674 INFO L290 TraceCheckUtils]: 7: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,674 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {24122#true} {24123#false} #1587#return; {24123#false} is VALID [2022-02-20 18:03:37,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {24122#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {24122#true} is VALID [2022-02-20 18:03:37,675 INFO L290 TraceCheckUtils]: 1: Hoare triple {24122#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {24122#true} is VALID [2022-02-20 18:03:37,675 INFO L290 TraceCheckUtils]: 2: Hoare triple {24122#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {24122#true} is VALID [2022-02-20 18:03:37,675 INFO L272 TraceCheckUtils]: 3: Hoare triple {24122#true} call select_features_#t~ret92#1 := select_one(); {24122#true} is VALID [2022-02-20 18:03:37,675 INFO L290 TraceCheckUtils]: 4: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,675 INFO L290 TraceCheckUtils]: 5: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,675 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {24122#true} {24122#true} #1721#return; {24122#true} is VALID [2022-02-20 18:03:37,675 INFO L290 TraceCheckUtils]: 7: Hoare triple {24122#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {24122#true} is VALID [2022-02-20 18:03:37,675 INFO L272 TraceCheckUtils]: 8: Hoare triple {24122#true} call select_features_#t~ret93#1 := select_one(); {24122#true} is VALID [2022-02-20 18:03:37,676 INFO L290 TraceCheckUtils]: 9: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,676 INFO L290 TraceCheckUtils]: 10: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,676 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {24122#true} {24122#true} #1723#return; {24122#true} is VALID [2022-02-20 18:03:37,676 INFO L290 TraceCheckUtils]: 12: Hoare triple {24122#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {24122#true} is VALID [2022-02-20 18:03:37,676 INFO L272 TraceCheckUtils]: 13: Hoare triple {24122#true} call select_features_#t~ret94#1 := select_one(); {24122#true} is VALID [2022-02-20 18:03:37,676 INFO L290 TraceCheckUtils]: 14: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,676 INFO L290 TraceCheckUtils]: 15: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,676 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24122#true} {24122#true} #1725#return; {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L290 TraceCheckUtils]: 17: Hoare triple {24122#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L272 TraceCheckUtils]: 18: Hoare triple {24122#true} call select_features_#t~ret95#1 := select_one(); {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L290 TraceCheckUtils]: 19: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L290 TraceCheckUtils]: 20: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {24122#true} {24122#true} #1727#return; {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L290 TraceCheckUtils]: 22: Hoare triple {24122#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L272 TraceCheckUtils]: 23: Hoare triple {24122#true} call select_features_#t~ret96#1 := select_one(); {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L290 TraceCheckUtils]: 24: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,677 INFO L290 TraceCheckUtils]: 25: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,678 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {24122#true} {24122#true} #1729#return; {24122#true} is VALID [2022-02-20 18:03:37,678 INFO L290 TraceCheckUtils]: 27: Hoare triple {24122#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {24122#true} is VALID [2022-02-20 18:03:37,678 INFO L272 TraceCheckUtils]: 28: Hoare triple {24122#true} call select_features_#t~ret97#1 := select_one(); {24122#true} is VALID [2022-02-20 18:03:37,678 INFO L290 TraceCheckUtils]: 29: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,678 INFO L290 TraceCheckUtils]: 30: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,679 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {24122#true} {24122#true} #1731#return; {24122#true} is VALID [2022-02-20 18:03:37,679 INFO L290 TraceCheckUtils]: 32: Hoare triple {24122#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {24122#true} is VALID [2022-02-20 18:03:37,679 INFO L272 TraceCheckUtils]: 33: Hoare triple {24122#true} call select_features_#t~ret98#1 := select_one(); {24122#true} is VALID [2022-02-20 18:03:37,679 INFO L290 TraceCheckUtils]: 34: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,679 INFO L290 TraceCheckUtils]: 35: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,679 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {24122#true} {24122#true} #1733#return; {24122#true} is VALID [2022-02-20 18:03:37,679 INFO L290 TraceCheckUtils]: 37: Hoare triple {24122#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {24122#true} is VALID [2022-02-20 18:03:37,680 INFO L272 TraceCheckUtils]: 38: Hoare triple {24122#true} call select_features_#t~ret99#1 := select_one(); {24122#true} is VALID [2022-02-20 18:03:37,680 INFO L290 TraceCheckUtils]: 39: Hoare triple {24122#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {24122#true} is VALID [2022-02-20 18:03:37,680 INFO L290 TraceCheckUtils]: 40: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,680 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {24122#true} {24122#true} #1735#return; {24122#true} is VALID [2022-02-20 18:03:37,680 INFO L290 TraceCheckUtils]: 42: Hoare triple {24122#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {24122#true} is VALID [2022-02-20 18:03:37,680 INFO L290 TraceCheckUtils]: 43: Hoare triple {24122#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {24122#true} is VALID [2022-02-20 18:03:37,680 INFO L290 TraceCheckUtils]: 44: Hoare triple {24122#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {24122#true} is VALID [2022-02-20 18:03:37,680 INFO L290 TraceCheckUtils]: 45: Hoare triple {24122#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {24122#true} is VALID [2022-02-20 18:03:37,681 INFO L290 TraceCheckUtils]: 46: Hoare triple {24122#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {24122#true} is VALID [2022-02-20 18:03:37,681 INFO L290 TraceCheckUtils]: 47: Hoare triple {24122#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {24122#true} is VALID [2022-02-20 18:03:37,681 INFO L290 TraceCheckUtils]: 48: Hoare triple {24122#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {24122#true} is VALID [2022-02-20 18:03:37,681 INFO L290 TraceCheckUtils]: 49: Hoare triple {24122#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {24122#true} is VALID [2022-02-20 18:03:37,681 INFO L290 TraceCheckUtils]: 50: Hoare triple {24122#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {24122#true} is VALID [2022-02-20 18:03:37,681 INFO L290 TraceCheckUtils]: 51: Hoare triple {24122#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {24122#true} is VALID [2022-02-20 18:03:37,681 INFO L290 TraceCheckUtils]: 52: Hoare triple {24122#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:03:37,682 INFO L290 TraceCheckUtils]: 53: Hoare triple {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:03:37,682 INFO L290 TraceCheckUtils]: 54: Hoare triple {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:03:37,682 INFO L290 TraceCheckUtils]: 55: Hoare triple {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:03:37,683 INFO L290 TraceCheckUtils]: 56: Hoare triple {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:03:37,683 INFO L290 TraceCheckUtils]: 57: Hoare triple {24148#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {24123#false} is VALID [2022-02-20 18:03:37,683 INFO L272 TraceCheckUtils]: 58: Hoare triple {24123#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,683 INFO L290 TraceCheckUtils]: 59: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {24122#true} is VALID [2022-02-20 18:03:37,684 INFO L272 TraceCheckUtils]: 60: Hoare triple {24122#true} call setClientId(~bob___0, ~bob___0); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,684 INFO L290 TraceCheckUtils]: 61: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,684 INFO L290 TraceCheckUtils]: 62: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,684 INFO L290 TraceCheckUtils]: 63: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,684 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {24122#true} {24122#true} #1719#return; {24122#true} is VALID [2022-02-20 18:03:37,684 INFO L290 TraceCheckUtils]: 65: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,684 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {24122#true} {24123#false} #1741#return; {24123#false} is VALID [2022-02-20 18:03:37,685 INFO L290 TraceCheckUtils]: 67: Hoare triple {24123#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {24123#false} is VALID [2022-02-20 18:03:37,685 INFO L290 TraceCheckUtils]: 68: Hoare triple {24123#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {24123#false} is VALID [2022-02-20 18:03:37,685 INFO L272 TraceCheckUtils]: 69: Hoare triple {24123#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,685 INFO L290 TraceCheckUtils]: 70: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {24122#true} is VALID [2022-02-20 18:03:37,685 INFO L272 TraceCheckUtils]: 71: Hoare triple {24122#true} call setClientId(~rjh___0, ~rjh___0); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,686 INFO L290 TraceCheckUtils]: 72: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,686 INFO L290 TraceCheckUtils]: 73: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,686 INFO L290 TraceCheckUtils]: 74: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,686 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {24122#true} {24122#true} #1671#return; {24122#true} is VALID [2022-02-20 18:03:37,686 INFO L290 TraceCheckUtils]: 76: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,686 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {24122#true} {24123#false} #1747#return; {24123#false} is VALID [2022-02-20 18:03:37,686 INFO L290 TraceCheckUtils]: 78: Hoare triple {24123#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {24123#false} is VALID [2022-02-20 18:03:37,686 INFO L290 TraceCheckUtils]: 79: Hoare triple {24123#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {24123#false} is VALID [2022-02-20 18:03:37,686 INFO L272 TraceCheckUtils]: 80: Hoare triple {24123#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,687 INFO L290 TraceCheckUtils]: 81: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {24122#true} is VALID [2022-02-20 18:03:37,687 INFO L272 TraceCheckUtils]: 82: Hoare triple {24122#true} call setClientId(~chuck___0, ~chuck___0); {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:37,687 INFO L290 TraceCheckUtils]: 83: Hoare triple {24206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,687 INFO L290 TraceCheckUtils]: 84: Hoare triple {24122#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,688 INFO L290 TraceCheckUtils]: 85: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,688 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {24122#true} {24122#true} #1617#return; {24122#true} is VALID [2022-02-20 18:03:37,688 INFO L290 TraceCheckUtils]: 87: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,688 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {24122#true} {24123#false} #1753#return; {24123#false} is VALID [2022-02-20 18:03:37,688 INFO L290 TraceCheckUtils]: 89: Hoare triple {24123#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {24123#false} is VALID [2022-02-20 18:03:37,688 INFO L290 TraceCheckUtils]: 90: Hoare triple {24123#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24123#false} is VALID [2022-02-20 18:03:37,688 INFO L290 TraceCheckUtils]: 91: Hoare triple {24123#false} assume !false; {24123#false} is VALID [2022-02-20 18:03:37,688 INFO L290 TraceCheckUtils]: 92: Hoare triple {24123#false} assume !(test_~splverifierCounter~0#1 < 4); {24123#false} is VALID [2022-02-20 18:03:37,689 INFO L290 TraceCheckUtils]: 93: Hoare triple {24123#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {24123#false} is VALID [2022-02-20 18:03:37,689 INFO L272 TraceCheckUtils]: 94: Hoare triple {24123#false} call sendEmail(~bob~0, ~rjh~0); {24123#false} is VALID [2022-02-20 18:03:37,689 INFO L290 TraceCheckUtils]: 95: Hoare triple {24123#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24123#false} is VALID [2022-02-20 18:03:37,689 INFO L272 TraceCheckUtils]: 96: Hoare triple {24123#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:37,689 INFO L290 TraceCheckUtils]: 97: Hoare triple {24219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,689 INFO L290 TraceCheckUtils]: 98: Hoare triple {24122#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,689 INFO L290 TraceCheckUtils]: 99: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,689 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {24122#true} {24123#false} #1639#return; {24123#false} is VALID [2022-02-20 18:03:37,690 INFO L272 TraceCheckUtils]: 101: Hoare triple {24123#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24220#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:37,690 INFO L290 TraceCheckUtils]: 102: Hoare triple {24220#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,690 INFO L290 TraceCheckUtils]: 103: Hoare triple {24122#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,690 INFO L290 TraceCheckUtils]: 104: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,690 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {24122#true} {24123#false} #1641#return; {24123#false} is VALID [2022-02-20 18:03:37,690 INFO L290 TraceCheckUtils]: 106: Hoare triple {24123#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {24123#false} is VALID [2022-02-20 18:03:37,690 INFO L290 TraceCheckUtils]: 107: Hoare triple {24123#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {24123#false} is VALID [2022-02-20 18:03:37,690 INFO L272 TraceCheckUtils]: 108: Hoare triple {24123#false} call outgoing(~sender#1, ~email~0#1); {24123#false} is VALID [2022-02-20 18:03:37,690 INFO L290 TraceCheckUtils]: 109: Hoare triple {24123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24123#false} is VALID [2022-02-20 18:03:37,691 INFO L290 TraceCheckUtils]: 110: Hoare triple {24123#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {24123#false} is VALID [2022-02-20 18:03:37,691 INFO L272 TraceCheckUtils]: 111: Hoare triple {24123#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {24122#true} is VALID [2022-02-20 18:03:37,691 INFO L290 TraceCheckUtils]: 112: Hoare triple {24122#true} ~handle := #in~handle;havoc ~retValue_acc~31; {24122#true} is VALID [2022-02-20 18:03:37,691 INFO L290 TraceCheckUtils]: 113: Hoare triple {24122#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {24122#true} is VALID [2022-02-20 18:03:37,692 INFO L290 TraceCheckUtils]: 114: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,692 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {24122#true} {24123#false} #1581#return; {24123#false} is VALID [2022-02-20 18:03:37,692 INFO L290 TraceCheckUtils]: 116: Hoare triple {24123#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {24123#false} is VALID [2022-02-20 18:03:37,692 INFO L290 TraceCheckUtils]: 117: Hoare triple {24123#false} assume 0 == sign_~privkey~1#1; {24123#false} is VALID [2022-02-20 18:03:37,692 INFO L290 TraceCheckUtils]: 118: Hoare triple {24123#false} assume { :end_inline_sign } true; {24123#false} is VALID [2022-02-20 18:03:37,692 INFO L272 TraceCheckUtils]: 119: Hoare triple {24123#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {24123#false} is VALID [2022-02-20 18:03:37,692 INFO L290 TraceCheckUtils]: 120: Hoare triple {24123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24123#false} is VALID [2022-02-20 18:03:37,692 INFO L290 TraceCheckUtils]: 121: Hoare triple {24123#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {24123#false} is VALID [2022-02-20 18:03:37,693 INFO L272 TraceCheckUtils]: 122: Hoare triple {24123#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {24123#false} is VALID [2022-02-20 18:03:37,693 INFO L290 TraceCheckUtils]: 123: Hoare triple {24123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24123#false} is VALID [2022-02-20 18:03:37,693 INFO L290 TraceCheckUtils]: 124: Hoare triple {24123#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {24123#false} is VALID [2022-02-20 18:03:37,693 INFO L272 TraceCheckUtils]: 125: Hoare triple {24123#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {24123#false} is VALID [2022-02-20 18:03:37,693 INFO L290 TraceCheckUtils]: 126: Hoare triple {24123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {24123#false} is VALID [2022-02-20 18:03:37,693 INFO L290 TraceCheckUtils]: 127: Hoare triple {24123#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {24123#false} is VALID [2022-02-20 18:03:37,693 INFO L290 TraceCheckUtils]: 128: Hoare triple {24123#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {24123#false} is VALID [2022-02-20 18:03:37,693 INFO L272 TraceCheckUtils]: 129: Hoare triple {24123#false} call setEmailFrom(~msg#1, ~tmp~1#1); {24219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:37,693 INFO L290 TraceCheckUtils]: 130: Hoare triple {24219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24122#true} is VALID [2022-02-20 18:03:37,694 INFO L290 TraceCheckUtils]: 131: Hoare triple {24122#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24122#true} is VALID [2022-02-20 18:03:37,694 INFO L290 TraceCheckUtils]: 132: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,694 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {24122#true} {24123#false} #1651#return; {24123#false} is VALID [2022-02-20 18:03:37,694 INFO L290 TraceCheckUtils]: 134: Hoare triple {24123#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {24123#false} is VALID [2022-02-20 18:03:37,694 INFO L272 TraceCheckUtils]: 135: Hoare triple {24123#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {24122#true} is VALID [2022-02-20 18:03:37,694 INFO L290 TraceCheckUtils]: 136: Hoare triple {24122#true} ~handle := #in~handle;havoc ~retValue_acc~8; {24122#true} is VALID [2022-02-20 18:03:37,694 INFO L290 TraceCheckUtils]: 137: Hoare triple {24122#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {24122#true} is VALID [2022-02-20 18:03:37,694 INFO L290 TraceCheckUtils]: 138: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,695 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {24122#true} {24123#false} #1653#return; {24123#false} is VALID [2022-02-20 18:03:37,695 INFO L290 TraceCheckUtils]: 140: Hoare triple {24123#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {24123#false} is VALID [2022-02-20 18:03:37,695 INFO L290 TraceCheckUtils]: 141: Hoare triple {24123#false} assume 0 != ~__SELECTED_FEATURE_Decrypt~0;assume { :begin_inline_incoming__role__Decrypt } true;incoming__role__Decrypt_#in~client#1, incoming__role__Decrypt_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__role__Decrypt_#t~ret18#1, incoming__role__Decrypt_#t~ret19#1, incoming__role__Decrypt_#t~ret20#1, incoming__role__Decrypt_#t~ret21#1, incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1, incoming__role__Decrypt_~privkey~0#1, incoming__role__Decrypt_~tmp~6#1, incoming__role__Decrypt_~tmp___0~2#1, incoming__role__Decrypt_~tmp___1~1#1, incoming__role__Decrypt_~tmp___2~1#1;incoming__role__Decrypt_~client#1 := incoming__role__Decrypt_#in~client#1;incoming__role__Decrypt_~msg#1 := incoming__role__Decrypt_#in~msg#1;havoc incoming__role__Decrypt_~privkey~0#1;havoc incoming__role__Decrypt_~tmp~6#1;havoc incoming__role__Decrypt_~tmp___0~2#1;havoc incoming__role__Decrypt_~tmp___1~1#1;havoc incoming__role__Decrypt_~tmp___2~1#1; {24123#false} is VALID [2022-02-20 18:03:37,695 INFO L272 TraceCheckUtils]: 142: Hoare triple {24123#false} call incoming__role__Decrypt_#t~ret18#1 := getClientPrivateKey(incoming__role__Decrypt_~client#1); {24122#true} is VALID [2022-02-20 18:03:37,695 INFO L290 TraceCheckUtils]: 143: Hoare triple {24122#true} ~handle := #in~handle;havoc ~retValue_acc~31; {24122#true} is VALID [2022-02-20 18:03:37,695 INFO L290 TraceCheckUtils]: 144: Hoare triple {24122#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {24122#true} is VALID [2022-02-20 18:03:37,695 INFO L290 TraceCheckUtils]: 145: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,695 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {24122#true} {24123#false} #1655#return; {24123#false} is VALID [2022-02-20 18:03:37,696 INFO L290 TraceCheckUtils]: 147: Hoare triple {24123#false} assume -2147483648 <= incoming__role__Decrypt_#t~ret18#1 && incoming__role__Decrypt_#t~ret18#1 <= 2147483647;incoming__role__Decrypt_~tmp~6#1 := incoming__role__Decrypt_#t~ret18#1;havoc incoming__role__Decrypt_#t~ret18#1;incoming__role__Decrypt_~privkey~0#1 := incoming__role__Decrypt_~tmp~6#1; {24123#false} is VALID [2022-02-20 18:03:37,696 INFO L290 TraceCheckUtils]: 148: Hoare triple {24123#false} assume !(0 != incoming__role__Decrypt_~privkey~0#1); {24123#false} is VALID [2022-02-20 18:03:37,696 INFO L272 TraceCheckUtils]: 149: Hoare triple {24123#false} call incoming__before__Decrypt(incoming__role__Decrypt_~client#1, incoming__role__Decrypt_~msg#1); {24123#false} is VALID [2022-02-20 18:03:37,696 INFO L290 TraceCheckUtils]: 150: Hoare triple {24123#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {24123#false} is VALID [2022-02-20 18:03:37,696 INFO L290 TraceCheckUtils]: 151: Hoare triple {24123#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {24123#false} is VALID [2022-02-20 18:03:37,696 INFO L272 TraceCheckUtils]: 152: Hoare triple {24123#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {24122#true} is VALID [2022-02-20 18:03:37,696 INFO L290 TraceCheckUtils]: 153: Hoare triple {24122#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {24122#true} is VALID [2022-02-20 18:03:37,696 INFO L290 TraceCheckUtils]: 154: Hoare triple {24122#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {24122#true} is VALID [2022-02-20 18:03:37,696 INFO L272 TraceCheckUtils]: 155: Hoare triple {24122#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {24122#true} is VALID [2022-02-20 18:03:37,697 INFO L290 TraceCheckUtils]: 156: Hoare triple {24122#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {24122#true} is VALID [2022-02-20 18:03:37,697 INFO L290 TraceCheckUtils]: 157: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,708 INFO L284 TraceCheckUtils]: 158: Hoare quadruple {24122#true} {24122#true} #1797#return; {24122#true} is VALID [2022-02-20 18:03:37,718 INFO L290 TraceCheckUtils]: 159: Hoare triple {24122#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {24122#true} is VALID [2022-02-20 18:03:37,718 INFO L290 TraceCheckUtils]: 160: Hoare triple {24122#true} assume true; {24122#true} is VALID [2022-02-20 18:03:37,719 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {24122#true} {24123#false} #1587#return; {24123#false} is VALID [2022-02-20 18:03:37,719 INFO L290 TraceCheckUtils]: 162: Hoare triple {24123#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {24123#false} is VALID [2022-02-20 18:03:37,719 INFO L290 TraceCheckUtils]: 163: Hoare triple {24123#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {24123#false} is VALID [2022-02-20 18:03:37,719 INFO L290 TraceCheckUtils]: 164: Hoare triple {24123#false} assume !false; {24123#false} is VALID [2022-02-20 18:03:37,719 INFO L134 CoverageAnalysis]: Checked inductivity of 104 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 104 trivial. 0 not checked. [2022-02-20 18:03:37,719 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:37,720 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1897556921] [2022-02-20 18:03:37,720 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1897556921] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:37,720 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:37,720 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:03:37,720 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [446462473] [2022-02-20 18:03:37,720 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:37,721 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.833333333333334) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 165 [2022-02-20 18:03:37,721 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:37,721 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 14.833333333333334) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:03:37,812 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 139 edges. 139 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:37,812 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:03:37,812 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:37,813 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:03:37,813 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:03:37,814 INFO L87 Difference]: Start difference. First operand 595 states and 864 transitions. Second operand has 6 states, 6 states have (on average 14.833333333333334) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:03:41,477 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:41,478 INFO L93 Difference]: Finished difference Result 1275 states and 1885 transitions. [2022-02-20 18:03:41,478 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:03:41,478 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 14.833333333333334) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) Word has length 165 [2022-02-20 18:03:41,478 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:41,479 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.833333333333334) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:03:41,493 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1881 transitions. [2022-02-20 18:03:41,494 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 14.833333333333334) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:03:41,508 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1881 transitions. [2022-02-20 18:03:41,509 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1881 transitions. [2022-02-20 18:03:42,439 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1881 edges. 1881 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:42,463 INFO L225 Difference]: With dead ends: 1275 [2022-02-20 18:03:42,464 INFO L226 Difference]: Without dead ends: 729 [2022-02-20 18:03:42,465 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 47 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:42,465 INFO L933 BasicCegarLoop]: 853 mSDtfsCounter, 1987 mSDsluCounter, 643 mSDsCounter, 0 mSdLazyCounter, 528 mSolverCounterSat, 796 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2012 SdHoareTripleChecker+Valid, 1496 SdHoareTripleChecker+Invalid, 1324 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 796 IncrementalHoareTripleChecker+Valid, 528 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:42,466 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2012 Valid, 1496 Invalid, 1324 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [796 Valid, 528 Invalid, 0 Unknown, 0 Unchecked, 1.4s Time] [2022-02-20 18:03:42,467 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 729 states. [2022-02-20 18:03:42,484 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 729 to 592. [2022-02-20 18:03:42,484 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:42,485 INFO L82 GeneralOperation]: Start isEquivalent. First operand 729 states. Second operand has 592 states, 444 states have (on average 1.4504504504504505) internal successors, (644), 454 states have internal predecessors, (644), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2022-02-20 18:03:42,486 INFO L74 IsIncluded]: Start isIncluded. First operand 729 states. Second operand has 592 states, 444 states have (on average 1.4504504504504505) internal successors, (644), 454 states have internal predecessors, (644), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2022-02-20 18:03:42,487 INFO L87 Difference]: Start difference. First operand 729 states. Second operand has 592 states, 444 states have (on average 1.4504504504504505) internal successors, (644), 454 states have internal predecessors, (644), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2022-02-20 18:03:42,504 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:42,505 INFO L93 Difference]: Finished difference Result 729 states and 1070 transitions. [2022-02-20 18:03:42,505 INFO L276 IsEmpty]: Start isEmpty. Operand 729 states and 1070 transitions. [2022-02-20 18:03:42,506 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:42,507 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:42,508 INFO L74 IsIncluded]: Start isIncluded. First operand has 592 states, 444 states have (on average 1.4504504504504505) internal successors, (644), 454 states have internal predecessors, (644), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) Second operand 729 states. [2022-02-20 18:03:42,508 INFO L87 Difference]: Start difference. First operand has 592 states, 444 states have (on average 1.4504504504504505) internal successors, (644), 454 states have internal predecessors, (644), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) Second operand 729 states. [2022-02-20 18:03:42,526 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:42,527 INFO L93 Difference]: Finished difference Result 729 states and 1070 transitions. [2022-02-20 18:03:42,527 INFO L276 IsEmpty]: Start isEmpty. Operand 729 states and 1070 transitions. [2022-02-20 18:03:42,528 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:42,528 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:42,529 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:42,529 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:42,530 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 592 states, 444 states have (on average 1.4504504504504505) internal successors, (644), 454 states have internal predecessors, (644), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2022-02-20 18:03:42,545 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 592 states to 592 states and 847 transitions. [2022-02-20 18:03:42,546 INFO L78 Accepts]: Start accepts. Automaton has 592 states and 847 transitions. Word has length 165 [2022-02-20 18:03:42,546 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:42,546 INFO L470 AbstractCegarLoop]: Abstraction has 592 states and 847 transitions. [2022-02-20 18:03:42,546 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 14.833333333333334) internal successors, (89), 3 states have internal predecessors, (89), 2 states have call successors, (28), 5 states have call predecessors, (28), 1 states have return successors, (22), 2 states have call predecessors, (22), 2 states have call successors, (22) [2022-02-20 18:03:42,546 INFO L276 IsEmpty]: Start isEmpty. Operand 592 states and 847 transitions. [2022-02-20 18:03:42,556 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 177 [2022-02-20 18:03:42,556 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:42,557 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:42,557 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:03:42,557 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:42,557 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:42,558 INFO L85 PathProgramCache]: Analyzing trace with hash 1875311965, now seen corresponding path program 1 times [2022-02-20 18:03:42,558 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:42,558 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [103594472] [2022-02-20 18:03:42,558 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:42,558 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:42,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:42,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,617 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1721#return; {28276#true} is VALID [2022-02-20 18:03:42,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:42,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,620 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1723#return; {28276#true} is VALID [2022-02-20 18:03:42,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:42,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,625 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1725#return; {28276#true} is VALID [2022-02-20 18:03:42,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:42,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,628 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,628 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1727#return; {28276#true} is VALID [2022-02-20 18:03:42,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:42,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,630 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1729#return; {28276#true} is VALID [2022-02-20 18:03:42,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:42,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,633 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,633 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,633 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1731#return; {28276#true} is VALID [2022-02-20 18:03:42,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:42,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,636 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1733#return; {28276#true} is VALID [2022-02-20 18:03:42,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:42,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,638 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,638 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1735#return; {28276#true} is VALID [2022-02-20 18:03:42,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:03:42,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:42,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,647 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,647 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28276#true} #1719#return; {28276#true} is VALID [2022-02-20 18:03:42,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {28276#true} is VALID [2022-02-20 18:03:42,648 INFO L272 TraceCheckUtils]: 1: Hoare triple {28276#true} call setClientId(~bob___0, ~bob___0); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,648 INFO L290 TraceCheckUtils]: 3: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,648 INFO L290 TraceCheckUtils]: 4: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,648 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28276#true} {28276#true} #1719#return; {28276#true} is VALID [2022-02-20 18:03:42,648 INFO L290 TraceCheckUtils]: 6: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,648 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {28276#true} {28276#true} #1737#return; {28276#true} is VALID [2022-02-20 18:03:42,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:03:42,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,656 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28276#true} #1739#return; {28276#true} is VALID [2022-02-20 18:03:42,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:03:42,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:42,674 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28381#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:42,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {28381#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28382#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:42,687 INFO L290 TraceCheckUtils]: 2: Hoare triple {28382#(= |setClientId_#in~handle| 1)} assume true; {28382#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:42,688 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28382#(= |setClientId_#in~handle| 1)} {28375#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:42,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {28375#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:42,689 INFO L272 TraceCheckUtils]: 1: Hoare triple {28375#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28381#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:42,689 INFO L290 TraceCheckUtils]: 3: Hoare triple {28381#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28382#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:42,690 INFO L290 TraceCheckUtils]: 4: Hoare triple {28382#(= |setClientId_#in~handle| 1)} assume true; {28382#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:42,690 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28382#(= |setClientId_#in~handle| 1)} {28375#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:42,690 INFO L290 TraceCheckUtils]: 6: Hoare triple {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:42,691 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {28315#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1743#return; {28277#false} is VALID [2022-02-20 18:03:42,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:03:42,692 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,694 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,694 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,694 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28277#false} #1745#return; {28277#false} is VALID [2022-02-20 18:03:42,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:03:42,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:42,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,700 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,700 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28276#true} #1617#return; {28276#true} is VALID [2022-02-20 18:03:42,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {28276#true} is VALID [2022-02-20 18:03:42,700 INFO L272 TraceCheckUtils]: 1: Hoare triple {28276#true} call setClientId(~chuck___0, ~chuck___0); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,701 INFO L290 TraceCheckUtils]: 3: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,701 INFO L290 TraceCheckUtils]: 4: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,701 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28276#true} {28276#true} #1617#return; {28276#true} is VALID [2022-02-20 18:03:42,701 INFO L290 TraceCheckUtils]: 6: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,701 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {28276#true} {28277#false} #1749#return; {28277#false} is VALID [2022-02-20 18:03:42,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:03:42,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,704 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28277#false} #1751#return; {28277#false} is VALID [2022-02-20 18:03:42,711 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:03:42,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {28387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,713 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28277#false} #1639#return; {28277#false} is VALID [2022-02-20 18:03:42,720 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:03:42,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {28388#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,722 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28277#false} #1641#return; {28277#false} is VALID [2022-02-20 18:03:42,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:03:42,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,725 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} ~handle := #in~handle;havoc ~retValue_acc~31; {28276#true} is VALID [2022-02-20 18:03:42,725 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {28276#true} is VALID [2022-02-20 18:03:42,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,725 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28277#false} #1581#return; {28277#false} is VALID [2022-02-20 18:03:42,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-02-20 18:03:42,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {28387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,727 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28277#false} #1651#return; {28277#false} is VALID [2022-02-20 18:03:42,728 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 18:03:42,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} ~handle := #in~handle;havoc ~retValue_acc~8; {28276#true} is VALID [2022-02-20 18:03:42,729 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {28276#true} is VALID [2022-02-20 18:03:42,729 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,730 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28276#true} {28277#false} #1653#return; {28277#false} is VALID [2022-02-20 18:03:42,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 18:03:42,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,733 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:42,733 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:42,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {28276#true} is VALID [2022-02-20 18:03:42,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,735 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {28276#true} {28276#true} #1797#return; {28276#true} is VALID [2022-02-20 18:03:42,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {28276#true} is VALID [2022-02-20 18:03:42,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28276#true} is VALID [2022-02-20 18:03:42,735 INFO L272 TraceCheckUtils]: 2: Hoare triple {28276#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {28276#true} is VALID [2022-02-20 18:03:42,735 INFO L290 TraceCheckUtils]: 3: Hoare triple {28276#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {28276#true} is VALID [2022-02-20 18:03:42,735 INFO L290 TraceCheckUtils]: 4: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,735 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28276#true} {28276#true} #1797#return; {28276#true} is VALID [2022-02-20 18:03:42,736 INFO L290 TraceCheckUtils]: 6: Hoare triple {28276#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {28276#true} is VALID [2022-02-20 18:03:42,736 INFO L290 TraceCheckUtils]: 7: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,736 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {28276#true} {28277#false} #1587#return; {28277#false} is VALID [2022-02-20 18:03:42,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {28276#true} is VALID [2022-02-20 18:03:42,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {28276#true} is VALID [2022-02-20 18:03:42,736 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {28276#true} is VALID [2022-02-20 18:03:42,736 INFO L272 TraceCheckUtils]: 3: Hoare triple {28276#true} call select_features_#t~ret92#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:42,736 INFO L290 TraceCheckUtils]: 4: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,737 INFO L290 TraceCheckUtils]: 5: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,737 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {28276#true} {28276#true} #1721#return; {28276#true} is VALID [2022-02-20 18:03:42,737 INFO L290 TraceCheckUtils]: 7: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {28276#true} is VALID [2022-02-20 18:03:42,737 INFO L272 TraceCheckUtils]: 8: Hoare triple {28276#true} call select_features_#t~ret93#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:42,737 INFO L290 TraceCheckUtils]: 9: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,737 INFO L290 TraceCheckUtils]: 10: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,737 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {28276#true} {28276#true} #1723#return; {28276#true} is VALID [2022-02-20 18:03:42,737 INFO L290 TraceCheckUtils]: 12: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L272 TraceCheckUtils]: 13: Hoare triple {28276#true} call select_features_#t~ret94#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L290 TraceCheckUtils]: 14: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L290 TraceCheckUtils]: 15: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {28276#true} {28276#true} #1725#return; {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L290 TraceCheckUtils]: 17: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L272 TraceCheckUtils]: 18: Hoare triple {28276#true} call select_features_#t~ret95#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L290 TraceCheckUtils]: 19: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L290 TraceCheckUtils]: 20: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,738 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {28276#true} {28276#true} #1727#return; {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L290 TraceCheckUtils]: 22: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L272 TraceCheckUtils]: 23: Hoare triple {28276#true} call select_features_#t~ret96#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L290 TraceCheckUtils]: 24: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L290 TraceCheckUtils]: 25: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {28276#true} {28276#true} #1729#return; {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L290 TraceCheckUtils]: 27: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L272 TraceCheckUtils]: 28: Hoare triple {28276#true} call select_features_#t~ret97#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L290 TraceCheckUtils]: 29: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,739 INFO L290 TraceCheckUtils]: 30: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,740 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {28276#true} {28276#true} #1731#return; {28276#true} is VALID [2022-02-20 18:03:42,740 INFO L290 TraceCheckUtils]: 32: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {28276#true} is VALID [2022-02-20 18:03:42,740 INFO L272 TraceCheckUtils]: 33: Hoare triple {28276#true} call select_features_#t~ret98#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:42,740 INFO L290 TraceCheckUtils]: 34: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,740 INFO L290 TraceCheckUtils]: 35: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,740 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {28276#true} {28276#true} #1733#return; {28276#true} is VALID [2022-02-20 18:03:42,740 INFO L290 TraceCheckUtils]: 37: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {28276#true} is VALID [2022-02-20 18:03:42,740 INFO L272 TraceCheckUtils]: 38: Hoare triple {28276#true} call select_features_#t~ret99#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L290 TraceCheckUtils]: 39: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L290 TraceCheckUtils]: 40: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {28276#true} {28276#true} #1735#return; {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L290 TraceCheckUtils]: 42: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L290 TraceCheckUtils]: 43: Hoare triple {28276#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L290 TraceCheckUtils]: 44: Hoare triple {28276#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L290 TraceCheckUtils]: 45: Hoare triple {28276#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L290 TraceCheckUtils]: 46: Hoare triple {28276#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {28276#true} is VALID [2022-02-20 18:03:42,741 INFO L290 TraceCheckUtils]: 47: Hoare triple {28276#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 48: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 49: Hoare triple {28276#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 50: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 51: Hoare triple {28276#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 52: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 53: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 54: Hoare triple {28276#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 55: Hoare triple {28276#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {28276#true} is VALID [2022-02-20 18:03:42,742 INFO L290 TraceCheckUtils]: 56: Hoare triple {28276#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {28276#true} is VALID [2022-02-20 18:03:42,743 INFO L290 TraceCheckUtils]: 57: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {28276#true} is VALID [2022-02-20 18:03:42,743 INFO L272 TraceCheckUtils]: 58: Hoare triple {28276#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,743 INFO L290 TraceCheckUtils]: 59: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {28276#true} is VALID [2022-02-20 18:03:42,744 INFO L272 TraceCheckUtils]: 60: Hoare triple {28276#true} call setClientId(~bob___0, ~bob___0); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,744 INFO L290 TraceCheckUtils]: 61: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,744 INFO L290 TraceCheckUtils]: 62: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,744 INFO L290 TraceCheckUtils]: 63: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,744 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {28276#true} {28276#true} #1719#return; {28276#true} is VALID [2022-02-20 18:03:42,744 INFO L290 TraceCheckUtils]: 65: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,744 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {28276#true} {28276#true} #1737#return; {28276#true} is VALID [2022-02-20 18:03:42,745 INFO L272 TraceCheckUtils]: 67: Hoare triple {28276#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:42,745 INFO L290 TraceCheckUtils]: 68: Hoare triple {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,745 INFO L290 TraceCheckUtils]: 69: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,745 INFO L290 TraceCheckUtils]: 70: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,745 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {28276#true} {28276#true} #1739#return; {28276#true} is VALID [2022-02-20 18:03:42,746 INFO L290 TraceCheckUtils]: 72: Hoare triple {28276#true} assume { :end_inline_setup_bob__role__Keys } true; {28276#true} is VALID [2022-02-20 18:03:42,746 INFO L290 TraceCheckUtils]: 73: Hoare triple {28276#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {28314#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:42,746 INFO L290 TraceCheckUtils]: 74: Hoare triple {28314#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {28315#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:42,747 INFO L272 TraceCheckUtils]: 75: Hoare triple {28315#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,747 INFO L290 TraceCheckUtils]: 76: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {28375#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:42,748 INFO L272 TraceCheckUtils]: 77: Hoare triple {28375#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,748 INFO L290 TraceCheckUtils]: 78: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28381#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:42,748 INFO L290 TraceCheckUtils]: 79: Hoare triple {28381#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28382#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:42,749 INFO L290 TraceCheckUtils]: 80: Hoare triple {28382#(= |setClientId_#in~handle| 1)} assume true; {28382#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:42,749 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {28382#(= |setClientId_#in~handle| 1)} {28375#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:42,749 INFO L290 TraceCheckUtils]: 82: Hoare triple {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:42,750 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {28380#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {28315#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1743#return; {28277#false} is VALID [2022-02-20 18:03:42,750 INFO L272 TraceCheckUtils]: 84: Hoare triple {28277#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:42,750 INFO L290 TraceCheckUtils]: 85: Hoare triple {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,750 INFO L290 TraceCheckUtils]: 86: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,750 INFO L290 TraceCheckUtils]: 87: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,750 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {28276#true} {28277#false} #1745#return; {28277#false} is VALID [2022-02-20 18:03:42,750 INFO L290 TraceCheckUtils]: 89: Hoare triple {28277#false} assume { :end_inline_setup_rjh__role__Keys } true; {28277#false} is VALID [2022-02-20 18:03:42,750 INFO L290 TraceCheckUtils]: 90: Hoare triple {28277#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {28277#false} is VALID [2022-02-20 18:03:42,751 INFO L290 TraceCheckUtils]: 91: Hoare triple {28277#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {28277#false} is VALID [2022-02-20 18:03:42,751 INFO L272 TraceCheckUtils]: 92: Hoare triple {28277#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,751 INFO L290 TraceCheckUtils]: 93: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {28276#true} is VALID [2022-02-20 18:03:42,751 INFO L272 TraceCheckUtils]: 94: Hoare triple {28276#true} call setClientId(~chuck___0, ~chuck___0); {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:42,751 INFO L290 TraceCheckUtils]: 95: Hoare triple {28369#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,752 INFO L290 TraceCheckUtils]: 96: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,752 INFO L290 TraceCheckUtils]: 97: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,752 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {28276#true} {28276#true} #1617#return; {28276#true} is VALID [2022-02-20 18:03:42,752 INFO L290 TraceCheckUtils]: 99: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,752 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {28276#true} {28277#false} #1749#return; {28277#false} is VALID [2022-02-20 18:03:42,752 INFO L272 TraceCheckUtils]: 101: Hoare triple {28277#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:42,752 INFO L290 TraceCheckUtils]: 102: Hoare triple {28374#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,752 INFO L290 TraceCheckUtils]: 103: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,753 INFO L290 TraceCheckUtils]: 104: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,753 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {28276#true} {28277#false} #1751#return; {28277#false} is VALID [2022-02-20 18:03:42,753 INFO L290 TraceCheckUtils]: 106: Hoare triple {28277#false} assume { :end_inline_setup_chuck__role__Keys } true; {28277#false} is VALID [2022-02-20 18:03:42,753 INFO L290 TraceCheckUtils]: 107: Hoare triple {28277#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {28277#false} is VALID [2022-02-20 18:03:42,753 INFO L290 TraceCheckUtils]: 108: Hoare triple {28277#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28277#false} is VALID [2022-02-20 18:03:42,753 INFO L290 TraceCheckUtils]: 109: Hoare triple {28277#false} assume !false; {28277#false} is VALID [2022-02-20 18:03:42,753 INFO L290 TraceCheckUtils]: 110: Hoare triple {28277#false} assume !(test_~splverifierCounter~0#1 < 4); {28277#false} is VALID [2022-02-20 18:03:42,753 INFO L290 TraceCheckUtils]: 111: Hoare triple {28277#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {28277#false} is VALID [2022-02-20 18:03:42,753 INFO L272 TraceCheckUtils]: 112: Hoare triple {28277#false} call sendEmail(~bob~0, ~rjh~0); {28277#false} is VALID [2022-02-20 18:03:42,754 INFO L290 TraceCheckUtils]: 113: Hoare triple {28277#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {28277#false} is VALID [2022-02-20 18:03:42,754 INFO L272 TraceCheckUtils]: 114: Hoare triple {28277#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {28387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:42,754 INFO L290 TraceCheckUtils]: 115: Hoare triple {28387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,754 INFO L290 TraceCheckUtils]: 116: Hoare triple {28276#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,754 INFO L290 TraceCheckUtils]: 117: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,754 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {28276#true} {28277#false} #1639#return; {28277#false} is VALID [2022-02-20 18:03:42,754 INFO L272 TraceCheckUtils]: 119: Hoare triple {28277#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {28388#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:42,754 INFO L290 TraceCheckUtils]: 120: Hoare triple {28388#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,755 INFO L290 TraceCheckUtils]: 121: Hoare triple {28276#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,755 INFO L290 TraceCheckUtils]: 122: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,755 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {28276#true} {28277#false} #1641#return; {28277#false} is VALID [2022-02-20 18:03:42,755 INFO L290 TraceCheckUtils]: 124: Hoare triple {28277#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {28277#false} is VALID [2022-02-20 18:03:42,755 INFO L290 TraceCheckUtils]: 125: Hoare triple {28277#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {28277#false} is VALID [2022-02-20 18:03:42,755 INFO L272 TraceCheckUtils]: 126: Hoare triple {28277#false} call outgoing(~sender#1, ~email~0#1); {28277#false} is VALID [2022-02-20 18:03:42,755 INFO L290 TraceCheckUtils]: 127: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28277#false} is VALID [2022-02-20 18:03:42,755 INFO L290 TraceCheckUtils]: 128: Hoare triple {28277#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {28277#false} is VALID [2022-02-20 18:03:42,756 INFO L272 TraceCheckUtils]: 129: Hoare triple {28277#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {28276#true} is VALID [2022-02-20 18:03:42,756 INFO L290 TraceCheckUtils]: 130: Hoare triple {28276#true} ~handle := #in~handle;havoc ~retValue_acc~31; {28276#true} is VALID [2022-02-20 18:03:42,756 INFO L290 TraceCheckUtils]: 131: Hoare triple {28276#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {28276#true} is VALID [2022-02-20 18:03:42,756 INFO L290 TraceCheckUtils]: 132: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,756 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {28276#true} {28277#false} #1581#return; {28277#false} is VALID [2022-02-20 18:03:42,756 INFO L290 TraceCheckUtils]: 134: Hoare triple {28277#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {28277#false} is VALID [2022-02-20 18:03:42,756 INFO L290 TraceCheckUtils]: 135: Hoare triple {28277#false} assume 0 == sign_~privkey~1#1; {28277#false} is VALID [2022-02-20 18:03:42,756 INFO L290 TraceCheckUtils]: 136: Hoare triple {28277#false} assume { :end_inline_sign } true; {28277#false} is VALID [2022-02-20 18:03:42,756 INFO L272 TraceCheckUtils]: 137: Hoare triple {28277#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {28277#false} is VALID [2022-02-20 18:03:42,757 INFO L290 TraceCheckUtils]: 138: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28277#false} is VALID [2022-02-20 18:03:42,757 INFO L290 TraceCheckUtils]: 139: Hoare triple {28277#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {28277#false} is VALID [2022-02-20 18:03:42,757 INFO L272 TraceCheckUtils]: 140: Hoare triple {28277#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {28277#false} is VALID [2022-02-20 18:03:42,757 INFO L290 TraceCheckUtils]: 141: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28277#false} is VALID [2022-02-20 18:03:42,757 INFO L290 TraceCheckUtils]: 142: Hoare triple {28277#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28277#false} is VALID [2022-02-20 18:03:42,757 INFO L272 TraceCheckUtils]: 143: Hoare triple {28277#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {28277#false} is VALID [2022-02-20 18:03:42,757 INFO L290 TraceCheckUtils]: 144: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {28277#false} is VALID [2022-02-20 18:03:42,757 INFO L290 TraceCheckUtils]: 145: Hoare triple {28277#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {28277#false} is VALID [2022-02-20 18:03:42,758 INFO L290 TraceCheckUtils]: 146: Hoare triple {28277#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {28277#false} is VALID [2022-02-20 18:03:42,758 INFO L272 TraceCheckUtils]: 147: Hoare triple {28277#false} call setEmailFrom(~msg#1, ~tmp~1#1); {28387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:42,758 INFO L290 TraceCheckUtils]: 148: Hoare triple {28387#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:42,758 INFO L290 TraceCheckUtils]: 149: Hoare triple {28276#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:42,758 INFO L290 TraceCheckUtils]: 150: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,758 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {28276#true} {28277#false} #1651#return; {28277#false} is VALID [2022-02-20 18:03:42,758 INFO L290 TraceCheckUtils]: 152: Hoare triple {28277#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {28277#false} is VALID [2022-02-20 18:03:42,758 INFO L272 TraceCheckUtils]: 153: Hoare triple {28277#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {28276#true} is VALID [2022-02-20 18:03:42,758 INFO L290 TraceCheckUtils]: 154: Hoare triple {28276#true} ~handle := #in~handle;havoc ~retValue_acc~8; {28276#true} is VALID [2022-02-20 18:03:42,759 INFO L290 TraceCheckUtils]: 155: Hoare triple {28276#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {28276#true} is VALID [2022-02-20 18:03:42,759 INFO L290 TraceCheckUtils]: 156: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,759 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {28276#true} {28277#false} #1653#return; {28277#false} is VALID [2022-02-20 18:03:42,759 INFO L290 TraceCheckUtils]: 158: Hoare triple {28277#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {28277#false} is VALID [2022-02-20 18:03:42,759 INFO L290 TraceCheckUtils]: 159: Hoare triple {28277#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {28277#false} is VALID [2022-02-20 18:03:42,759 INFO L272 TraceCheckUtils]: 160: Hoare triple {28277#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {28277#false} is VALID [2022-02-20 18:03:42,759 INFO L290 TraceCheckUtils]: 161: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28277#false} is VALID [2022-02-20 18:03:42,759 INFO L290 TraceCheckUtils]: 162: Hoare triple {28277#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {28277#false} is VALID [2022-02-20 18:03:42,760 INFO L272 TraceCheckUtils]: 163: Hoare triple {28277#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {28276#true} is VALID [2022-02-20 18:03:42,760 INFO L290 TraceCheckUtils]: 164: Hoare triple {28276#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {28276#true} is VALID [2022-02-20 18:03:42,760 INFO L290 TraceCheckUtils]: 165: Hoare triple {28276#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28276#true} is VALID [2022-02-20 18:03:42,760 INFO L272 TraceCheckUtils]: 166: Hoare triple {28276#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {28276#true} is VALID [2022-02-20 18:03:42,760 INFO L290 TraceCheckUtils]: 167: Hoare triple {28276#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {28276#true} is VALID [2022-02-20 18:03:42,760 INFO L290 TraceCheckUtils]: 168: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,760 INFO L284 TraceCheckUtils]: 169: Hoare quadruple {28276#true} {28276#true} #1797#return; {28276#true} is VALID [2022-02-20 18:03:42,760 INFO L290 TraceCheckUtils]: 170: Hoare triple {28276#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {28276#true} is VALID [2022-02-20 18:03:42,761 INFO L290 TraceCheckUtils]: 171: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:42,761 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {28276#true} {28277#false} #1587#return; {28277#false} is VALID [2022-02-20 18:03:42,761 INFO L290 TraceCheckUtils]: 173: Hoare triple {28277#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {28277#false} is VALID [2022-02-20 18:03:42,761 INFO L290 TraceCheckUtils]: 174: Hoare triple {28277#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {28277#false} is VALID [2022-02-20 18:03:42,761 INFO L290 TraceCheckUtils]: 175: Hoare triple {28277#false} assume !false; {28277#false} is VALID [2022-02-20 18:03:42,761 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2022-02-20 18:03:42,762 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:42,762 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [103594472] [2022-02-20 18:03:42,762 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [103594472] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:42,762 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [112699953] [2022-02-20 18:03:42,762 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:42,762 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:42,763 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:42,790 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:42,818 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:03:43,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:43,060 INFO L263 TraceCheckSpWp]: Trace formula consists of 1487 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:03:43,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:43,172 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:43,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {28276#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {28276#true} is VALID [2022-02-20 18:03:43,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {28276#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {28276#true} is VALID [2022-02-20 18:03:43,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {28276#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {28276#true} is VALID [2022-02-20 18:03:43,547 INFO L272 TraceCheckUtils]: 3: Hoare triple {28276#true} call select_features_#t~ret92#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:43,547 INFO L290 TraceCheckUtils]: 4: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:43,547 INFO L290 TraceCheckUtils]: 5: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,547 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {28276#true} {28276#true} #1721#return; {28276#true} is VALID [2022-02-20 18:03:43,547 INFO L290 TraceCheckUtils]: 7: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {28276#true} is VALID [2022-02-20 18:03:43,547 INFO L272 TraceCheckUtils]: 8: Hoare triple {28276#true} call select_features_#t~ret93#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:43,547 INFO L290 TraceCheckUtils]: 9: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L290 TraceCheckUtils]: 10: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {28276#true} {28276#true} #1723#return; {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L290 TraceCheckUtils]: 12: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L272 TraceCheckUtils]: 13: Hoare triple {28276#true} call select_features_#t~ret94#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L290 TraceCheckUtils]: 14: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L290 TraceCheckUtils]: 15: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {28276#true} {28276#true} #1725#return; {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L290 TraceCheckUtils]: 17: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {28276#true} is VALID [2022-02-20 18:03:43,548 INFO L272 TraceCheckUtils]: 18: Hoare triple {28276#true} call select_features_#t~ret95#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:43,549 INFO L290 TraceCheckUtils]: 19: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:43,549 INFO L290 TraceCheckUtils]: 20: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,549 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {28276#true} {28276#true} #1727#return; {28276#true} is VALID [2022-02-20 18:03:43,549 INFO L290 TraceCheckUtils]: 22: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {28276#true} is VALID [2022-02-20 18:03:43,549 INFO L272 TraceCheckUtils]: 23: Hoare triple {28276#true} call select_features_#t~ret96#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:43,549 INFO L290 TraceCheckUtils]: 24: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:43,549 INFO L290 TraceCheckUtils]: 25: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,549 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {28276#true} {28276#true} #1729#return; {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L290 TraceCheckUtils]: 27: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L272 TraceCheckUtils]: 28: Hoare triple {28276#true} call select_features_#t~ret97#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L290 TraceCheckUtils]: 29: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L290 TraceCheckUtils]: 30: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {28276#true} {28276#true} #1731#return; {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L290 TraceCheckUtils]: 32: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L272 TraceCheckUtils]: 33: Hoare triple {28276#true} call select_features_#t~ret98#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L290 TraceCheckUtils]: 34: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:43,550 INFO L290 TraceCheckUtils]: 35: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,551 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {28276#true} {28276#true} #1733#return; {28276#true} is VALID [2022-02-20 18:03:43,551 INFO L290 TraceCheckUtils]: 37: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {28276#true} is VALID [2022-02-20 18:03:43,551 INFO L272 TraceCheckUtils]: 38: Hoare triple {28276#true} call select_features_#t~ret99#1 := select_one(); {28276#true} is VALID [2022-02-20 18:03:43,551 INFO L290 TraceCheckUtils]: 39: Hoare triple {28276#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {28276#true} is VALID [2022-02-20 18:03:43,551 INFO L290 TraceCheckUtils]: 40: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,551 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {28276#true} {28276#true} #1735#return; {28276#true} is VALID [2022-02-20 18:03:43,551 INFO L290 TraceCheckUtils]: 42: Hoare triple {28276#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {28276#true} is VALID [2022-02-20 18:03:43,551 INFO L290 TraceCheckUtils]: 43: Hoare triple {28276#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {28276#true} is VALID [2022-02-20 18:03:43,552 INFO L290 TraceCheckUtils]: 44: Hoare triple {28276#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {28276#true} is VALID [2022-02-20 18:03:43,552 INFO L290 TraceCheckUtils]: 45: Hoare triple {28276#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {28276#true} is VALID [2022-02-20 18:03:43,552 INFO L290 TraceCheckUtils]: 46: Hoare triple {28276#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {28276#true} is VALID [2022-02-20 18:03:43,552 INFO L290 TraceCheckUtils]: 47: Hoare triple {28276#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {28276#true} is VALID [2022-02-20 18:03:43,552 INFO L290 TraceCheckUtils]: 48: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {28276#true} is VALID [2022-02-20 18:03:43,552 INFO L290 TraceCheckUtils]: 49: Hoare triple {28276#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {28276#true} is VALID [2022-02-20 18:03:43,552 INFO L290 TraceCheckUtils]: 50: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {28276#true} is VALID [2022-02-20 18:03:43,552 INFO L290 TraceCheckUtils]: 51: Hoare triple {28276#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L290 TraceCheckUtils]: 52: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L290 TraceCheckUtils]: 53: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L290 TraceCheckUtils]: 54: Hoare triple {28276#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L290 TraceCheckUtils]: 55: Hoare triple {28276#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L290 TraceCheckUtils]: 56: Hoare triple {28276#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L290 TraceCheckUtils]: 57: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L272 TraceCheckUtils]: 58: Hoare triple {28276#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L290 TraceCheckUtils]: 59: Hoare triple {28276#true} ~bob___0 := #in~bob___0; {28276#true} is VALID [2022-02-20 18:03:43,553 INFO L272 TraceCheckUtils]: 60: Hoare triple {28276#true} call setClientId(~bob___0, ~bob___0); {28276#true} is VALID [2022-02-20 18:03:43,554 INFO L290 TraceCheckUtils]: 61: Hoare triple {28276#true} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:43,554 INFO L290 TraceCheckUtils]: 62: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:43,554 INFO L290 TraceCheckUtils]: 63: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,554 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {28276#true} {28276#true} #1719#return; {28276#true} is VALID [2022-02-20 18:03:43,554 INFO L290 TraceCheckUtils]: 65: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,554 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {28276#true} {28276#true} #1737#return; {28276#true} is VALID [2022-02-20 18:03:43,554 INFO L272 TraceCheckUtils]: 67: Hoare triple {28276#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {28276#true} is VALID [2022-02-20 18:03:43,554 INFO L290 TraceCheckUtils]: 68: Hoare triple {28276#true} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:43,555 INFO L290 TraceCheckUtils]: 69: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:43,555 INFO L290 TraceCheckUtils]: 70: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,555 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {28276#true} {28276#true} #1739#return; {28276#true} is VALID [2022-02-20 18:03:43,555 INFO L290 TraceCheckUtils]: 72: Hoare triple {28276#true} assume { :end_inline_setup_bob__role__Keys } true; {28276#true} is VALID [2022-02-20 18:03:43,555 INFO L290 TraceCheckUtils]: 73: Hoare triple {28276#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {28276#true} is VALID [2022-02-20 18:03:43,555 INFO L290 TraceCheckUtils]: 74: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {28276#true} is VALID [2022-02-20 18:03:43,555 INFO L272 TraceCheckUtils]: 75: Hoare triple {28276#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {28276#true} is VALID [2022-02-20 18:03:43,555 INFO L290 TraceCheckUtils]: 76: Hoare triple {28276#true} ~rjh___0 := #in~rjh___0; {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L272 TraceCheckUtils]: 77: Hoare triple {28276#true} call setClientId(~rjh___0, ~rjh___0); {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L290 TraceCheckUtils]: 78: Hoare triple {28276#true} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L290 TraceCheckUtils]: 79: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L290 TraceCheckUtils]: 80: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {28276#true} {28276#true} #1671#return; {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L290 TraceCheckUtils]: 82: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {28276#true} {28276#true} #1743#return; {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L272 TraceCheckUtils]: 84: Hoare triple {28276#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {28276#true} is VALID [2022-02-20 18:03:43,556 INFO L290 TraceCheckUtils]: 85: Hoare triple {28276#true} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L290 TraceCheckUtils]: 86: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L290 TraceCheckUtils]: 87: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {28276#true} {28276#true} #1745#return; {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L290 TraceCheckUtils]: 89: Hoare triple {28276#true} assume { :end_inline_setup_rjh__role__Keys } true; {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L290 TraceCheckUtils]: 90: Hoare triple {28276#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L290 TraceCheckUtils]: 91: Hoare triple {28276#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L272 TraceCheckUtils]: 92: Hoare triple {28276#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L290 TraceCheckUtils]: 93: Hoare triple {28276#true} ~chuck___0 := #in~chuck___0; {28276#true} is VALID [2022-02-20 18:03:43,557 INFO L272 TraceCheckUtils]: 94: Hoare triple {28276#true} call setClientId(~chuck___0, ~chuck___0); {28276#true} is VALID [2022-02-20 18:03:43,558 INFO L290 TraceCheckUtils]: 95: Hoare triple {28276#true} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:43,558 INFO L290 TraceCheckUtils]: 96: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:43,558 INFO L290 TraceCheckUtils]: 97: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,558 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {28276#true} {28276#true} #1617#return; {28276#true} is VALID [2022-02-20 18:03:43,558 INFO L290 TraceCheckUtils]: 99: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,558 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {28276#true} {28276#true} #1749#return; {28276#true} is VALID [2022-02-20 18:03:43,558 INFO L272 TraceCheckUtils]: 101: Hoare triple {28276#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {28276#true} is VALID [2022-02-20 18:03:43,558 INFO L290 TraceCheckUtils]: 102: Hoare triple {28276#true} ~handle := #in~handle;~value := #in~value; {28276#true} is VALID [2022-02-20 18:03:43,559 INFO L290 TraceCheckUtils]: 103: Hoare triple {28276#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28276#true} is VALID [2022-02-20 18:03:43,559 INFO L290 TraceCheckUtils]: 104: Hoare triple {28276#true} assume true; {28276#true} is VALID [2022-02-20 18:03:43,559 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {28276#true} {28276#true} #1751#return; {28276#true} is VALID [2022-02-20 18:03:43,559 INFO L290 TraceCheckUtils]: 106: Hoare triple {28276#true} assume { :end_inline_setup_chuck__role__Keys } true; {28276#true} is VALID [2022-02-20 18:03:43,559 INFO L290 TraceCheckUtils]: 107: Hoare triple {28276#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {28276#true} is VALID [2022-02-20 18:03:43,560 INFO L290 TraceCheckUtils]: 108: Hoare triple {28276#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28719#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:43,560 INFO L290 TraceCheckUtils]: 109: Hoare triple {28719#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {28719#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:43,560 INFO L290 TraceCheckUtils]: 110: Hoare triple {28719#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {28277#false} is VALID [2022-02-20 18:03:43,560 INFO L290 TraceCheckUtils]: 111: Hoare triple {28277#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {28277#false} is VALID [2022-02-20 18:03:43,560 INFO L272 TraceCheckUtils]: 112: Hoare triple {28277#false} call sendEmail(~bob~0, ~rjh~0); {28277#false} is VALID [2022-02-20 18:03:43,561 INFO L290 TraceCheckUtils]: 113: Hoare triple {28277#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {28277#false} is VALID [2022-02-20 18:03:43,561 INFO L272 TraceCheckUtils]: 114: Hoare triple {28277#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {28277#false} is VALID [2022-02-20 18:03:43,561 INFO L290 TraceCheckUtils]: 115: Hoare triple {28277#false} ~handle := #in~handle;~value := #in~value; {28277#false} is VALID [2022-02-20 18:03:43,561 INFO L290 TraceCheckUtils]: 116: Hoare triple {28277#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28277#false} is VALID [2022-02-20 18:03:43,561 INFO L290 TraceCheckUtils]: 117: Hoare triple {28277#false} assume true; {28277#false} is VALID [2022-02-20 18:03:43,561 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {28277#false} {28277#false} #1639#return; {28277#false} is VALID [2022-02-20 18:03:43,561 INFO L272 TraceCheckUtils]: 119: Hoare triple {28277#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {28277#false} is VALID [2022-02-20 18:03:43,561 INFO L290 TraceCheckUtils]: 120: Hoare triple {28277#false} ~handle := #in~handle;~value := #in~value; {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L290 TraceCheckUtils]: 121: Hoare triple {28277#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L290 TraceCheckUtils]: 122: Hoare triple {28277#false} assume true; {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {28277#false} {28277#false} #1641#return; {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L290 TraceCheckUtils]: 124: Hoare triple {28277#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L290 TraceCheckUtils]: 125: Hoare triple {28277#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L272 TraceCheckUtils]: 126: Hoare triple {28277#false} call outgoing(~sender#1, ~email~0#1); {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L290 TraceCheckUtils]: 127: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L290 TraceCheckUtils]: 128: Hoare triple {28277#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {28277#false} is VALID [2022-02-20 18:03:43,562 INFO L272 TraceCheckUtils]: 129: Hoare triple {28277#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {28277#false} is VALID [2022-02-20 18:03:43,563 INFO L290 TraceCheckUtils]: 130: Hoare triple {28277#false} ~handle := #in~handle;havoc ~retValue_acc~31; {28277#false} is VALID [2022-02-20 18:03:43,563 INFO L290 TraceCheckUtils]: 131: Hoare triple {28277#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {28277#false} is VALID [2022-02-20 18:03:43,563 INFO L290 TraceCheckUtils]: 132: Hoare triple {28277#false} assume true; {28277#false} is VALID [2022-02-20 18:03:43,563 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {28277#false} {28277#false} #1581#return; {28277#false} is VALID [2022-02-20 18:03:43,563 INFO L290 TraceCheckUtils]: 134: Hoare triple {28277#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {28277#false} is VALID [2022-02-20 18:03:43,563 INFO L290 TraceCheckUtils]: 135: Hoare triple {28277#false} assume 0 == sign_~privkey~1#1; {28277#false} is VALID [2022-02-20 18:03:43,563 INFO L290 TraceCheckUtils]: 136: Hoare triple {28277#false} assume { :end_inline_sign } true; {28277#false} is VALID [2022-02-20 18:03:43,563 INFO L272 TraceCheckUtils]: 137: Hoare triple {28277#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {28277#false} is VALID [2022-02-20 18:03:43,564 INFO L290 TraceCheckUtils]: 138: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28277#false} is VALID [2022-02-20 18:03:43,564 INFO L290 TraceCheckUtils]: 139: Hoare triple {28277#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {28277#false} is VALID [2022-02-20 18:03:43,564 INFO L272 TraceCheckUtils]: 140: Hoare triple {28277#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {28277#false} is VALID [2022-02-20 18:03:43,564 INFO L290 TraceCheckUtils]: 141: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28277#false} is VALID [2022-02-20 18:03:43,564 INFO L290 TraceCheckUtils]: 142: Hoare triple {28277#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28277#false} is VALID [2022-02-20 18:03:43,564 INFO L272 TraceCheckUtils]: 143: Hoare triple {28277#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {28277#false} is VALID [2022-02-20 18:03:43,564 INFO L290 TraceCheckUtils]: 144: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {28277#false} is VALID [2022-02-20 18:03:43,564 INFO L290 TraceCheckUtils]: 145: Hoare triple {28277#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L290 TraceCheckUtils]: 146: Hoare triple {28277#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L272 TraceCheckUtils]: 147: Hoare triple {28277#false} call setEmailFrom(~msg#1, ~tmp~1#1); {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L290 TraceCheckUtils]: 148: Hoare triple {28277#false} ~handle := #in~handle;~value := #in~value; {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L290 TraceCheckUtils]: 149: Hoare triple {28277#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L290 TraceCheckUtils]: 150: Hoare triple {28277#false} assume true; {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L284 TraceCheckUtils]: 151: Hoare quadruple {28277#false} {28277#false} #1651#return; {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L290 TraceCheckUtils]: 152: Hoare triple {28277#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L272 TraceCheckUtils]: 153: Hoare triple {28277#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {28277#false} is VALID [2022-02-20 18:03:43,565 INFO L290 TraceCheckUtils]: 154: Hoare triple {28277#false} ~handle := #in~handle;havoc ~retValue_acc~8; {28277#false} is VALID [2022-02-20 18:03:43,566 INFO L290 TraceCheckUtils]: 155: Hoare triple {28277#false} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {28277#false} is VALID [2022-02-20 18:03:43,566 INFO L290 TraceCheckUtils]: 156: Hoare triple {28277#false} assume true; {28277#false} is VALID [2022-02-20 18:03:43,566 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {28277#false} {28277#false} #1653#return; {28277#false} is VALID [2022-02-20 18:03:43,566 INFO L290 TraceCheckUtils]: 158: Hoare triple {28277#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {28277#false} is VALID [2022-02-20 18:03:43,566 INFO L290 TraceCheckUtils]: 159: Hoare triple {28277#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {28277#false} is VALID [2022-02-20 18:03:43,566 INFO L272 TraceCheckUtils]: 160: Hoare triple {28277#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {28277#false} is VALID [2022-02-20 18:03:43,566 INFO L290 TraceCheckUtils]: 161: Hoare triple {28277#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {28277#false} is VALID [2022-02-20 18:03:43,566 INFO L290 TraceCheckUtils]: 162: Hoare triple {28277#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L272 TraceCheckUtils]: 163: Hoare triple {28277#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L290 TraceCheckUtils]: 164: Hoare triple {28277#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L290 TraceCheckUtils]: 165: Hoare triple {28277#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L272 TraceCheckUtils]: 166: Hoare triple {28277#false} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L290 TraceCheckUtils]: 167: Hoare triple {28277#false} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L290 TraceCheckUtils]: 168: Hoare triple {28277#false} assume true; {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L284 TraceCheckUtils]: 169: Hoare quadruple {28277#false} {28277#false} #1797#return; {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L290 TraceCheckUtils]: 170: Hoare triple {28277#false} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {28277#false} is VALID [2022-02-20 18:03:43,567 INFO L290 TraceCheckUtils]: 171: Hoare triple {28277#false} assume true; {28277#false} is VALID [2022-02-20 18:03:43,568 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {28277#false} {28277#false} #1587#return; {28277#false} is VALID [2022-02-20 18:03:43,568 INFO L290 TraceCheckUtils]: 173: Hoare triple {28277#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {28277#false} is VALID [2022-02-20 18:03:43,568 INFO L290 TraceCheckUtils]: 174: Hoare triple {28277#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {28277#false} is VALID [2022-02-20 18:03:43,568 INFO L290 TraceCheckUtils]: 175: Hoare triple {28277#false} assume !false; {28277#false} is VALID [2022-02-20 18:03:43,568 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:03:43,568 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:43,569 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [112699953] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:43,569 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:43,569 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:03:43,569 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [397643200] [2022-02-20 18:03:43,569 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:43,570 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 176 [2022-02-20 18:03:43,570 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:43,570 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:43,651 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 147 edges. 147 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:43,653 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:03:43,653 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:43,653 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:03:43,653 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:03:43,654 INFO L87 Difference]: Start difference. First operand 592 states and 847 transitions. Second operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:44,254 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:44,255 INFO L93 Difference]: Finished difference Result 916 states and 1293 transitions. [2022-02-20 18:03:44,255 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:03:44,255 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 176 [2022-02-20 18:03:44,255 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:44,256 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:44,264 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1289 transitions. [2022-02-20 18:03:44,265 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:44,274 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1289 transitions. [2022-02-20 18:03:44,274 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1289 transitions. [2022-02-20 18:03:45,068 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1289 edges. 1289 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:45,084 INFO L225 Difference]: With dead ends: 916 [2022-02-20 18:03:45,084 INFO L226 Difference]: Without dead ends: 595 [2022-02-20 18:03:45,085 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 229 GetRequests, 218 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:03:45,086 INFO L933 BasicCegarLoop]: 841 mSDtfsCounter, 1 mSDsluCounter, 839 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1680 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:45,086 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1680 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:45,087 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 595 states. [2022-02-20 18:03:45,103 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 595 to 594. [2022-02-20 18:03:45,104 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:45,105 INFO L82 GeneralOperation]: Start isEquivalent. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4484304932735426) internal successors, (646), 456 states have internal predecessors, (646), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2022-02-20 18:03:45,105 INFO L74 IsIncluded]: Start isIncluded. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4484304932735426) internal successors, (646), 456 states have internal predecessors, (646), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2022-02-20 18:03:45,106 INFO L87 Difference]: Start difference. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4484304932735426) internal successors, (646), 456 states have internal predecessors, (646), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2022-02-20 18:03:45,118 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:45,118 INFO L93 Difference]: Finished difference Result 595 states and 850 transitions. [2022-02-20 18:03:45,118 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 850 transitions. [2022-02-20 18:03:45,119 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:45,119 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:45,120 INFO L74 IsIncluded]: Start isIncluded. First operand has 594 states, 446 states have (on average 1.4484304932735426) internal successors, (646), 456 states have internal predecessors, (646), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) Second operand 595 states. [2022-02-20 18:03:45,121 INFO L87 Difference]: Start difference. First operand has 594 states, 446 states have (on average 1.4484304932735426) internal successors, (646), 456 states have internal predecessors, (646), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) Second operand 595 states. [2022-02-20 18:03:45,133 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:45,133 INFO L93 Difference]: Finished difference Result 595 states and 850 transitions. [2022-02-20 18:03:45,134 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 850 transitions. [2022-02-20 18:03:45,135 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:45,135 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:45,135 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:45,135 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:45,136 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 446 states have (on average 1.4484304932735426) internal successors, (646), 456 states have internal predecessors, (646), 102 states have call successors, (102), 45 states have call predecessors, (102), 45 states have return successors, (101), 100 states have call predecessors, (101), 101 states have call successors, (101) [2022-02-20 18:03:45,152 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 849 transitions. [2022-02-20 18:03:45,152 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 849 transitions. Word has length 176 [2022-02-20 18:03:45,152 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:45,152 INFO L470 AbstractCegarLoop]: Abstraction has 594 states and 849 transitions. [2022-02-20 18:03:45,153 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:45,153 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 849 transitions. [2022-02-20 18:03:45,154 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 185 [2022-02-20 18:03:45,154 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:45,155 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:45,176 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:45,373 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:45,373 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:45,374 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:45,374 INFO L85 PathProgramCache]: Analyzing trace with hash 159335133, now seen corresponding path program 1 times [2022-02-20 18:03:45,374 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:45,374 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [79324574] [2022-02-20 18:03:45,374 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:45,374 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:45,425 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,449 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:45,451 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,453 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,453 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1721#return; {32196#true} is VALID [2022-02-20 18:03:45,453 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:45,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,457 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,457 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,457 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1723#return; {32196#true} is VALID [2022-02-20 18:03:45,457 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:45,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,460 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,460 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,460 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1725#return; {32196#true} is VALID [2022-02-20 18:03:45,460 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:45,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,464 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,464 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1727#return; {32196#true} is VALID [2022-02-20 18:03:45,464 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:45,465 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,467 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,467 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,467 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1729#return; {32196#true} is VALID [2022-02-20 18:03:45,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:45,469 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,471 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,471 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,471 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1731#return; {32196#true} is VALID [2022-02-20 18:03:45,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:45,473 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,474 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,474 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,474 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1733#return; {32196#true} is VALID [2022-02-20 18:03:45,474 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:45,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,477 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,477 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1735#return; {32196#true} is VALID [2022-02-20 18:03:45,482 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:03:45,484 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:45,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,488 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,488 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,488 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32196#true} #1719#return; {32196#true} is VALID [2022-02-20 18:03:45,488 INFO L290 TraceCheckUtils]: 0: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {32196#true} is VALID [2022-02-20 18:03:45,489 INFO L272 TraceCheckUtils]: 1: Hoare triple {32196#true} call setClientId(~bob___0, ~bob___0); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,489 INFO L290 TraceCheckUtils]: 2: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,489 INFO L290 TraceCheckUtils]: 3: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,489 INFO L290 TraceCheckUtils]: 4: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,489 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {32196#true} {32196#true} #1719#return; {32196#true} is VALID [2022-02-20 18:03:45,489 INFO L290 TraceCheckUtils]: 6: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,489 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {32196#true} {32196#true} #1737#return; {32196#true} is VALID [2022-02-20 18:03:45,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:03:45,497 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,498 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,499 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32196#true} #1739#return; {32196#true} is VALID [2022-02-20 18:03:45,499 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:03:45,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:45,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,531 INFO L290 TraceCheckUtils]: 0: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32301#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:45,531 INFO L290 TraceCheckUtils]: 1: Hoare triple {32301#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32302#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:45,532 INFO L290 TraceCheckUtils]: 2: Hoare triple {32302#(= |setClientId_#in~handle| 1)} assume true; {32302#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:45,532 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32302#(= |setClientId_#in~handle| 1)} {32295#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:45,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {32295#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:45,533 INFO L272 TraceCheckUtils]: 1: Hoare triple {32295#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,533 INFO L290 TraceCheckUtils]: 2: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32301#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:45,534 INFO L290 TraceCheckUtils]: 3: Hoare triple {32301#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32302#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:45,534 INFO L290 TraceCheckUtils]: 4: Hoare triple {32302#(= |setClientId_#in~handle| 1)} assume true; {32302#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:45,535 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {32302#(= |setClientId_#in~handle| 1)} {32295#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:45,535 INFO L290 TraceCheckUtils]: 6: Hoare triple {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:45,535 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {32235#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1743#return; {32197#false} is VALID [2022-02-20 18:03:45,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:03:45,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,540 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,540 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32197#false} #1745#return; {32197#false} is VALID [2022-02-20 18:03:45,540 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:03:45,542 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:45,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,545 INFO L290 TraceCheckUtils]: 0: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,546 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,546 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32196#true} #1617#return; {32196#true} is VALID [2022-02-20 18:03:45,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {32196#true} is VALID [2022-02-20 18:03:45,547 INFO L272 TraceCheckUtils]: 1: Hoare triple {32196#true} call setClientId(~chuck___0, ~chuck___0); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,547 INFO L290 TraceCheckUtils]: 3: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,547 INFO L290 TraceCheckUtils]: 4: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,547 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {32196#true} {32196#true} #1617#return; {32196#true} is VALID [2022-02-20 18:03:45,547 INFO L290 TraceCheckUtils]: 6: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,547 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {32196#true} {32197#false} #1749#return; {32197#false} is VALID [2022-02-20 18:03:45,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:03:45,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,550 INFO L290 TraceCheckUtils]: 0: Hoare triple {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,550 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,550 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,550 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32197#false} #1751#return; {32197#false} is VALID [2022-02-20 18:03:45,558 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:03:45,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,563 INFO L290 TraceCheckUtils]: 0: Hoare triple {32307#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,563 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,563 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,563 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32197#false} #1639#return; {32197#false} is VALID [2022-02-20 18:03:45,572 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:03:45,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {32308#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,575 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,575 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32197#false} #1641#return; {32197#false} is VALID [2022-02-20 18:03:45,576 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 18:03:45,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} ~handle := #in~handle;havoc ~retValue_acc~31; {32196#true} is VALID [2022-02-20 18:03:45,577 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {32196#true} is VALID [2022-02-20 18:03:45,578 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,578 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32197#false} #1581#return; {32197#false} is VALID [2022-02-20 18:03:45,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 155 [2022-02-20 18:03:45,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,580 INFO L290 TraceCheckUtils]: 0: Hoare triple {32307#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,580 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,580 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,580 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32197#false} #1651#return; {32197#false} is VALID [2022-02-20 18:03:45,580 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 161 [2022-02-20 18:03:45,581 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,582 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} ~handle := #in~handle;havoc ~retValue_acc~8; {32196#true} is VALID [2022-02-20 18:03:45,582 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {32196#true} is VALID [2022-02-20 18:03:45,582 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,582 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {32196#true} {32197#false} #1653#return; {32197#false} is VALID [2022-02-20 18:03:45,583 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 171 [2022-02-20 18:03:45,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,585 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:45,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,587 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {32196#true} is VALID [2022-02-20 18:03:45,587 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,587 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {32196#true} {32196#true} #1797#return; {32196#true} is VALID [2022-02-20 18:03:45,587 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {32196#true} is VALID [2022-02-20 18:03:45,587 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32196#true} is VALID [2022-02-20 18:03:45,588 INFO L272 TraceCheckUtils]: 2: Hoare triple {32196#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {32196#true} is VALID [2022-02-20 18:03:45,588 INFO L290 TraceCheckUtils]: 3: Hoare triple {32196#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {32196#true} is VALID [2022-02-20 18:03:45,588 INFO L290 TraceCheckUtils]: 4: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,588 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {32196#true} {32196#true} #1797#return; {32196#true} is VALID [2022-02-20 18:03:45,588 INFO L290 TraceCheckUtils]: 6: Hoare triple {32196#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {32196#true} is VALID [2022-02-20 18:03:45,588 INFO L290 TraceCheckUtils]: 7: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,588 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {32196#true} {32197#false} #1587#return; {32197#false} is VALID [2022-02-20 18:03:45,588 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {32196#true} is VALID [2022-02-20 18:03:45,589 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {32196#true} is VALID [2022-02-20 18:03:45,589 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {32196#true} is VALID [2022-02-20 18:03:45,589 INFO L272 TraceCheckUtils]: 3: Hoare triple {32196#true} call select_features_#t~ret92#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:45,589 INFO L290 TraceCheckUtils]: 4: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,589 INFO L290 TraceCheckUtils]: 5: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,589 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {32196#true} {32196#true} #1721#return; {32196#true} is VALID [2022-02-20 18:03:45,589 INFO L290 TraceCheckUtils]: 7: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {32196#true} is VALID [2022-02-20 18:03:45,589 INFO L272 TraceCheckUtils]: 8: Hoare triple {32196#true} call select_features_#t~ret93#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L290 TraceCheckUtils]: 9: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L290 TraceCheckUtils]: 10: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {32196#true} {32196#true} #1723#return; {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L290 TraceCheckUtils]: 12: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L272 TraceCheckUtils]: 13: Hoare triple {32196#true} call select_features_#t~ret94#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L290 TraceCheckUtils]: 14: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L290 TraceCheckUtils]: 15: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {32196#true} {32196#true} #1725#return; {32196#true} is VALID [2022-02-20 18:03:45,590 INFO L290 TraceCheckUtils]: 17: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {32196#true} is VALID [2022-02-20 18:03:45,591 INFO L272 TraceCheckUtils]: 18: Hoare triple {32196#true} call select_features_#t~ret95#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:45,591 INFO L290 TraceCheckUtils]: 19: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,591 INFO L290 TraceCheckUtils]: 20: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,591 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {32196#true} {32196#true} #1727#return; {32196#true} is VALID [2022-02-20 18:03:45,591 INFO L290 TraceCheckUtils]: 22: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L272 TraceCheckUtils]: 23: Hoare triple {32196#true} call select_features_#t~ret96#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L290 TraceCheckUtils]: 24: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L290 TraceCheckUtils]: 25: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {32196#true} {32196#true} #1729#return; {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L290 TraceCheckUtils]: 27: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L272 TraceCheckUtils]: 28: Hoare triple {32196#true} call select_features_#t~ret97#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L290 TraceCheckUtils]: 29: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L290 TraceCheckUtils]: 30: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,592 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {32196#true} {32196#true} #1731#return; {32196#true} is VALID [2022-02-20 18:03:45,593 INFO L290 TraceCheckUtils]: 32: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {32196#true} is VALID [2022-02-20 18:03:45,593 INFO L272 TraceCheckUtils]: 33: Hoare triple {32196#true} call select_features_#t~ret98#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:45,593 INFO L290 TraceCheckUtils]: 34: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,593 INFO L290 TraceCheckUtils]: 35: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,593 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {32196#true} {32196#true} #1733#return; {32196#true} is VALID [2022-02-20 18:03:45,594 INFO L290 TraceCheckUtils]: 37: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {32196#true} is VALID [2022-02-20 18:03:45,594 INFO L272 TraceCheckUtils]: 38: Hoare triple {32196#true} call select_features_#t~ret99#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:45,594 INFO L290 TraceCheckUtils]: 39: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:45,594 INFO L290 TraceCheckUtils]: 40: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,594 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {32196#true} {32196#true} #1735#return; {32196#true} is VALID [2022-02-20 18:03:45,594 INFO L290 TraceCheckUtils]: 42: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 43: Hoare triple {32196#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 44: Hoare triple {32196#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 45: Hoare triple {32196#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 46: Hoare triple {32196#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 47: Hoare triple {32196#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 48: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 49: Hoare triple {32196#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 50: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {32196#true} is VALID [2022-02-20 18:03:45,595 INFO L290 TraceCheckUtils]: 51: Hoare triple {32196#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {32196#true} is VALID [2022-02-20 18:03:45,596 INFO L290 TraceCheckUtils]: 52: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {32196#true} is VALID [2022-02-20 18:03:45,596 INFO L290 TraceCheckUtils]: 53: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {32196#true} is VALID [2022-02-20 18:03:45,596 INFO L290 TraceCheckUtils]: 54: Hoare triple {32196#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {32196#true} is VALID [2022-02-20 18:03:45,596 INFO L290 TraceCheckUtils]: 55: Hoare triple {32196#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {32196#true} is VALID [2022-02-20 18:03:45,596 INFO L290 TraceCheckUtils]: 56: Hoare triple {32196#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {32196#true} is VALID [2022-02-20 18:03:45,596 INFO L290 TraceCheckUtils]: 57: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {32196#true} is VALID [2022-02-20 18:03:45,597 INFO L272 TraceCheckUtils]: 58: Hoare triple {32196#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,597 INFO L290 TraceCheckUtils]: 59: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {32196#true} is VALID [2022-02-20 18:03:45,598 INFO L272 TraceCheckUtils]: 60: Hoare triple {32196#true} call setClientId(~bob___0, ~bob___0); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,598 INFO L290 TraceCheckUtils]: 61: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,598 INFO L290 TraceCheckUtils]: 62: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,598 INFO L290 TraceCheckUtils]: 63: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,598 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {32196#true} {32196#true} #1719#return; {32196#true} is VALID [2022-02-20 18:03:45,598 INFO L290 TraceCheckUtils]: 65: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,598 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {32196#true} {32196#true} #1737#return; {32196#true} is VALID [2022-02-20 18:03:45,599 INFO L272 TraceCheckUtils]: 67: Hoare triple {32196#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:45,599 INFO L290 TraceCheckUtils]: 68: Hoare triple {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,599 INFO L290 TraceCheckUtils]: 69: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,599 INFO L290 TraceCheckUtils]: 70: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,599 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {32196#true} {32196#true} #1739#return; {32196#true} is VALID [2022-02-20 18:03:45,599 INFO L290 TraceCheckUtils]: 72: Hoare triple {32196#true} assume { :end_inline_setup_bob__role__Keys } true; {32196#true} is VALID [2022-02-20 18:03:45,600 INFO L290 TraceCheckUtils]: 73: Hoare triple {32196#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {32234#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:45,600 INFO L290 TraceCheckUtils]: 74: Hoare triple {32234#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {32235#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:45,601 INFO L272 TraceCheckUtils]: 75: Hoare triple {32235#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,601 INFO L290 TraceCheckUtils]: 76: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {32295#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:45,602 INFO L272 TraceCheckUtils]: 77: Hoare triple {32295#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,602 INFO L290 TraceCheckUtils]: 78: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32301#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:45,602 INFO L290 TraceCheckUtils]: 79: Hoare triple {32301#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32302#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:45,603 INFO L290 TraceCheckUtils]: 80: Hoare triple {32302#(= |setClientId_#in~handle| 1)} assume true; {32302#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:45,603 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {32302#(= |setClientId_#in~handle| 1)} {32295#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:45,604 INFO L290 TraceCheckUtils]: 82: Hoare triple {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:45,604 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {32300#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {32235#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1743#return; {32197#false} is VALID [2022-02-20 18:03:45,604 INFO L272 TraceCheckUtils]: 84: Hoare triple {32197#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:45,604 INFO L290 TraceCheckUtils]: 85: Hoare triple {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,604 INFO L290 TraceCheckUtils]: 86: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,604 INFO L290 TraceCheckUtils]: 87: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,605 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {32196#true} {32197#false} #1745#return; {32197#false} is VALID [2022-02-20 18:03:45,605 INFO L290 TraceCheckUtils]: 89: Hoare triple {32197#false} assume { :end_inline_setup_rjh__role__Keys } true; {32197#false} is VALID [2022-02-20 18:03:45,605 INFO L290 TraceCheckUtils]: 90: Hoare triple {32197#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {32197#false} is VALID [2022-02-20 18:03:45,605 INFO L290 TraceCheckUtils]: 91: Hoare triple {32197#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {32197#false} is VALID [2022-02-20 18:03:45,605 INFO L272 TraceCheckUtils]: 92: Hoare triple {32197#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,605 INFO L290 TraceCheckUtils]: 93: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {32196#true} is VALID [2022-02-20 18:03:45,606 INFO L272 TraceCheckUtils]: 94: Hoare triple {32196#true} call setClientId(~chuck___0, ~chuck___0); {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,606 INFO L290 TraceCheckUtils]: 95: Hoare triple {32289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,606 INFO L290 TraceCheckUtils]: 96: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,606 INFO L290 TraceCheckUtils]: 97: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,606 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {32196#true} {32196#true} #1617#return; {32196#true} is VALID [2022-02-20 18:03:45,606 INFO L290 TraceCheckUtils]: 99: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,606 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {32196#true} {32197#false} #1749#return; {32197#false} is VALID [2022-02-20 18:03:45,607 INFO L272 TraceCheckUtils]: 101: Hoare triple {32197#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:45,607 INFO L290 TraceCheckUtils]: 102: Hoare triple {32294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,607 INFO L290 TraceCheckUtils]: 103: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,607 INFO L290 TraceCheckUtils]: 104: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,607 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {32196#true} {32197#false} #1751#return; {32197#false} is VALID [2022-02-20 18:03:45,607 INFO L290 TraceCheckUtils]: 106: Hoare triple {32197#false} assume { :end_inline_setup_chuck__role__Keys } true; {32197#false} is VALID [2022-02-20 18:03:45,607 INFO L290 TraceCheckUtils]: 107: Hoare triple {32197#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {32197#false} is VALID [2022-02-20 18:03:45,607 INFO L290 TraceCheckUtils]: 108: Hoare triple {32197#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {32197#false} is VALID [2022-02-20 18:03:45,607 INFO L290 TraceCheckUtils]: 109: Hoare triple {32197#false} assume !false; {32197#false} is VALID [2022-02-20 18:03:45,608 INFO L290 TraceCheckUtils]: 110: Hoare triple {32197#false} assume test_~splverifierCounter~0#1 < 4; {32197#false} is VALID [2022-02-20 18:03:45,608 INFO L290 TraceCheckUtils]: 111: Hoare triple {32197#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {32197#false} is VALID [2022-02-20 18:03:45,608 INFO L290 TraceCheckUtils]: 112: Hoare triple {32197#false} assume !(0 == test_~op1~0#1); {32197#false} is VALID [2022-02-20 18:03:45,609 INFO L290 TraceCheckUtils]: 113: Hoare triple {32197#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet81#1 && test_#t~nondet81#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet81#1;havoc test_#t~nondet81#1; {32197#false} is VALID [2022-02-20 18:03:45,609 INFO L290 TraceCheckUtils]: 114: Hoare triple {32197#false} assume 0 != test_~tmp___8~0#1; {32197#false} is VALID [2022-02-20 18:03:45,609 INFO L290 TraceCheckUtils]: 115: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {32197#false} is VALID [2022-02-20 18:03:45,609 INFO L290 TraceCheckUtils]: 116: Hoare triple {32197#false} test_~op2~0#1 := 1; {32197#false} is VALID [2022-02-20 18:03:45,610 INFO L290 TraceCheckUtils]: 117: Hoare triple {32197#false} assume !false; {32197#false} is VALID [2022-02-20 18:03:45,610 INFO L290 TraceCheckUtils]: 118: Hoare triple {32197#false} assume !(test_~splverifierCounter~0#1 < 4); {32197#false} is VALID [2022-02-20 18:03:45,610 INFO L290 TraceCheckUtils]: 119: Hoare triple {32197#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {32197#false} is VALID [2022-02-20 18:03:45,610 INFO L272 TraceCheckUtils]: 120: Hoare triple {32197#false} call sendEmail(~bob~0, ~rjh~0); {32197#false} is VALID [2022-02-20 18:03:45,610 INFO L290 TraceCheckUtils]: 121: Hoare triple {32197#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {32197#false} is VALID [2022-02-20 18:03:45,610 INFO L272 TraceCheckUtils]: 122: Hoare triple {32197#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {32307#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:45,610 INFO L290 TraceCheckUtils]: 123: Hoare triple {32307#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,610 INFO L290 TraceCheckUtils]: 124: Hoare triple {32196#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,611 INFO L290 TraceCheckUtils]: 125: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,611 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {32196#true} {32197#false} #1639#return; {32197#false} is VALID [2022-02-20 18:03:45,611 INFO L272 TraceCheckUtils]: 127: Hoare triple {32197#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {32308#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:45,611 INFO L290 TraceCheckUtils]: 128: Hoare triple {32308#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,611 INFO L290 TraceCheckUtils]: 129: Hoare triple {32196#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,611 INFO L290 TraceCheckUtils]: 130: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,611 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {32196#true} {32197#false} #1641#return; {32197#false} is VALID [2022-02-20 18:03:45,611 INFO L290 TraceCheckUtils]: 132: Hoare triple {32197#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {32197#false} is VALID [2022-02-20 18:03:45,611 INFO L290 TraceCheckUtils]: 133: Hoare triple {32197#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {32197#false} is VALID [2022-02-20 18:03:45,612 INFO L272 TraceCheckUtils]: 134: Hoare triple {32197#false} call outgoing(~sender#1, ~email~0#1); {32197#false} is VALID [2022-02-20 18:03:45,612 INFO L290 TraceCheckUtils]: 135: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32197#false} is VALID [2022-02-20 18:03:45,612 INFO L290 TraceCheckUtils]: 136: Hoare triple {32197#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {32197#false} is VALID [2022-02-20 18:03:45,612 INFO L272 TraceCheckUtils]: 137: Hoare triple {32197#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {32196#true} is VALID [2022-02-20 18:03:45,612 INFO L290 TraceCheckUtils]: 138: Hoare triple {32196#true} ~handle := #in~handle;havoc ~retValue_acc~31; {32196#true} is VALID [2022-02-20 18:03:45,612 INFO L290 TraceCheckUtils]: 139: Hoare triple {32196#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {32196#true} is VALID [2022-02-20 18:03:45,612 INFO L290 TraceCheckUtils]: 140: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,612 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {32196#true} {32197#false} #1581#return; {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L290 TraceCheckUtils]: 142: Hoare triple {32197#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L290 TraceCheckUtils]: 143: Hoare triple {32197#false} assume 0 == sign_~privkey~1#1; {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L290 TraceCheckUtils]: 144: Hoare triple {32197#false} assume { :end_inline_sign } true; {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L272 TraceCheckUtils]: 145: Hoare triple {32197#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L290 TraceCheckUtils]: 146: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L290 TraceCheckUtils]: 147: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L272 TraceCheckUtils]: 148: Hoare triple {32197#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L290 TraceCheckUtils]: 149: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32197#false} is VALID [2022-02-20 18:03:45,613 INFO L290 TraceCheckUtils]: 150: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32197#false} is VALID [2022-02-20 18:03:45,614 INFO L272 TraceCheckUtils]: 151: Hoare triple {32197#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {32197#false} is VALID [2022-02-20 18:03:45,614 INFO L290 TraceCheckUtils]: 152: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {32197#false} is VALID [2022-02-20 18:03:45,614 INFO L290 TraceCheckUtils]: 153: Hoare triple {32197#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {32197#false} is VALID [2022-02-20 18:03:45,614 INFO L290 TraceCheckUtils]: 154: Hoare triple {32197#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {32197#false} is VALID [2022-02-20 18:03:45,614 INFO L272 TraceCheckUtils]: 155: Hoare triple {32197#false} call setEmailFrom(~msg#1, ~tmp~1#1); {32307#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:45,614 INFO L290 TraceCheckUtils]: 156: Hoare triple {32307#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:45,614 INFO L290 TraceCheckUtils]: 157: Hoare triple {32196#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:45,614 INFO L290 TraceCheckUtils]: 158: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,614 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {32196#true} {32197#false} #1651#return; {32197#false} is VALID [2022-02-20 18:03:45,615 INFO L290 TraceCheckUtils]: 160: Hoare triple {32197#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {32197#false} is VALID [2022-02-20 18:03:45,615 INFO L272 TraceCheckUtils]: 161: Hoare triple {32197#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {32196#true} is VALID [2022-02-20 18:03:45,615 INFO L290 TraceCheckUtils]: 162: Hoare triple {32196#true} ~handle := #in~handle;havoc ~retValue_acc~8; {32196#true} is VALID [2022-02-20 18:03:45,615 INFO L290 TraceCheckUtils]: 163: Hoare triple {32196#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {32196#true} is VALID [2022-02-20 18:03:45,615 INFO L290 TraceCheckUtils]: 164: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,615 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {32196#true} {32197#false} #1653#return; {32197#false} is VALID [2022-02-20 18:03:45,615 INFO L290 TraceCheckUtils]: 166: Hoare triple {32197#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {32197#false} is VALID [2022-02-20 18:03:45,615 INFO L290 TraceCheckUtils]: 167: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {32197#false} is VALID [2022-02-20 18:03:45,616 INFO L272 TraceCheckUtils]: 168: Hoare triple {32197#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {32197#false} is VALID [2022-02-20 18:03:45,616 INFO L290 TraceCheckUtils]: 169: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32197#false} is VALID [2022-02-20 18:03:45,616 INFO L290 TraceCheckUtils]: 170: Hoare triple {32197#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {32197#false} is VALID [2022-02-20 18:03:45,616 INFO L272 TraceCheckUtils]: 171: Hoare triple {32197#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {32196#true} is VALID [2022-02-20 18:03:45,616 INFO L290 TraceCheckUtils]: 172: Hoare triple {32196#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {32196#true} is VALID [2022-02-20 18:03:45,616 INFO L290 TraceCheckUtils]: 173: Hoare triple {32196#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32196#true} is VALID [2022-02-20 18:03:45,616 INFO L272 TraceCheckUtils]: 174: Hoare triple {32196#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {32196#true} is VALID [2022-02-20 18:03:45,616 INFO L290 TraceCheckUtils]: 175: Hoare triple {32196#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {32196#true} is VALID [2022-02-20 18:03:45,616 INFO L290 TraceCheckUtils]: 176: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,617 INFO L284 TraceCheckUtils]: 177: Hoare quadruple {32196#true} {32196#true} #1797#return; {32196#true} is VALID [2022-02-20 18:03:45,617 INFO L290 TraceCheckUtils]: 178: Hoare triple {32196#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {32196#true} is VALID [2022-02-20 18:03:45,617 INFO L290 TraceCheckUtils]: 179: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:45,617 INFO L284 TraceCheckUtils]: 180: Hoare quadruple {32196#true} {32197#false} #1587#return; {32197#false} is VALID [2022-02-20 18:03:45,617 INFO L290 TraceCheckUtils]: 181: Hoare triple {32197#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {32197#false} is VALID [2022-02-20 18:03:45,617 INFO L290 TraceCheckUtils]: 182: Hoare triple {32197#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {32197#false} is VALID [2022-02-20 18:03:45,617 INFO L290 TraceCheckUtils]: 183: Hoare triple {32197#false} assume !false; {32197#false} is VALID [2022-02-20 18:03:45,618 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 18:03:45,618 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:45,618 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [79324574] [2022-02-20 18:03:45,618 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [79324574] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:45,618 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1710873521] [2022-02-20 18:03:45,618 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:45,618 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:45,619 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:45,620 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:45,658 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:03:45,900 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,904 INFO L263 TraceCheckSpWp]: Trace formula consists of 1503 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:03:45,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,964 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:46,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {32196#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {32196#true} is VALID [2022-02-20 18:03:46,364 INFO L290 TraceCheckUtils]: 1: Hoare triple {32196#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {32196#true} is VALID [2022-02-20 18:03:46,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {32196#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {32196#true} is VALID [2022-02-20 18:03:46,365 INFO L272 TraceCheckUtils]: 3: Hoare triple {32196#true} call select_features_#t~ret92#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:46,365 INFO L290 TraceCheckUtils]: 4: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:46,365 INFO L290 TraceCheckUtils]: 5: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,365 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {32196#true} {32196#true} #1721#return; {32196#true} is VALID [2022-02-20 18:03:46,365 INFO L290 TraceCheckUtils]: 7: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {32196#true} is VALID [2022-02-20 18:03:46,365 INFO L272 TraceCheckUtils]: 8: Hoare triple {32196#true} call select_features_#t~ret93#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:46,365 INFO L290 TraceCheckUtils]: 9: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:46,365 INFO L290 TraceCheckUtils]: 10: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {32196#true} {32196#true} #1723#return; {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L290 TraceCheckUtils]: 12: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L272 TraceCheckUtils]: 13: Hoare triple {32196#true} call select_features_#t~ret94#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L290 TraceCheckUtils]: 14: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L290 TraceCheckUtils]: 15: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {32196#true} {32196#true} #1725#return; {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L290 TraceCheckUtils]: 17: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L272 TraceCheckUtils]: 18: Hoare triple {32196#true} call select_features_#t~ret95#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:46,366 INFO L290 TraceCheckUtils]: 19: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:46,367 INFO L290 TraceCheckUtils]: 20: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,367 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {32196#true} {32196#true} #1727#return; {32196#true} is VALID [2022-02-20 18:03:46,367 INFO L290 TraceCheckUtils]: 22: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {32196#true} is VALID [2022-02-20 18:03:46,367 INFO L272 TraceCheckUtils]: 23: Hoare triple {32196#true} call select_features_#t~ret96#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:46,367 INFO L290 TraceCheckUtils]: 24: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:46,367 INFO L290 TraceCheckUtils]: 25: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,367 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {32196#true} {32196#true} #1729#return; {32196#true} is VALID [2022-02-20 18:03:46,367 INFO L290 TraceCheckUtils]: 27: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {32196#true} is VALID [2022-02-20 18:03:46,368 INFO L272 TraceCheckUtils]: 28: Hoare triple {32196#true} call select_features_#t~ret97#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:46,368 INFO L290 TraceCheckUtils]: 29: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:46,368 INFO L290 TraceCheckUtils]: 30: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,368 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {32196#true} {32196#true} #1731#return; {32196#true} is VALID [2022-02-20 18:03:46,368 INFO L290 TraceCheckUtils]: 32: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {32196#true} is VALID [2022-02-20 18:03:46,368 INFO L272 TraceCheckUtils]: 33: Hoare triple {32196#true} call select_features_#t~ret98#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:46,368 INFO L290 TraceCheckUtils]: 34: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:46,368 INFO L290 TraceCheckUtils]: 35: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,369 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {32196#true} {32196#true} #1733#return; {32196#true} is VALID [2022-02-20 18:03:46,369 INFO L290 TraceCheckUtils]: 37: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {32196#true} is VALID [2022-02-20 18:03:46,369 INFO L272 TraceCheckUtils]: 38: Hoare triple {32196#true} call select_features_#t~ret99#1 := select_one(); {32196#true} is VALID [2022-02-20 18:03:46,369 INFO L290 TraceCheckUtils]: 39: Hoare triple {32196#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {32196#true} is VALID [2022-02-20 18:03:46,369 INFO L290 TraceCheckUtils]: 40: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,369 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {32196#true} {32196#true} #1735#return; {32196#true} is VALID [2022-02-20 18:03:46,369 INFO L290 TraceCheckUtils]: 42: Hoare triple {32196#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {32196#true} is VALID [2022-02-20 18:03:46,369 INFO L290 TraceCheckUtils]: 43: Hoare triple {32196#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 44: Hoare triple {32196#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 45: Hoare triple {32196#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 46: Hoare triple {32196#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 47: Hoare triple {32196#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 48: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 49: Hoare triple {32196#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 50: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 51: Hoare triple {32196#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {32196#true} is VALID [2022-02-20 18:03:46,370 INFO L290 TraceCheckUtils]: 52: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {32196#true} is VALID [2022-02-20 18:03:46,371 INFO L290 TraceCheckUtils]: 53: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {32196#true} is VALID [2022-02-20 18:03:46,371 INFO L290 TraceCheckUtils]: 54: Hoare triple {32196#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {32196#true} is VALID [2022-02-20 18:03:46,371 INFO L290 TraceCheckUtils]: 55: Hoare triple {32196#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {32196#true} is VALID [2022-02-20 18:03:46,371 INFO L290 TraceCheckUtils]: 56: Hoare triple {32196#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {32196#true} is VALID [2022-02-20 18:03:46,371 INFO L290 TraceCheckUtils]: 57: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {32196#true} is VALID [2022-02-20 18:03:46,371 INFO L272 TraceCheckUtils]: 58: Hoare triple {32196#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {32196#true} is VALID [2022-02-20 18:03:46,371 INFO L290 TraceCheckUtils]: 59: Hoare triple {32196#true} ~bob___0 := #in~bob___0; {32196#true} is VALID [2022-02-20 18:03:46,371 INFO L272 TraceCheckUtils]: 60: Hoare triple {32196#true} call setClientId(~bob___0, ~bob___0); {32196#true} is VALID [2022-02-20 18:03:46,372 INFO L290 TraceCheckUtils]: 61: Hoare triple {32196#true} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:46,372 INFO L290 TraceCheckUtils]: 62: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:46,372 INFO L290 TraceCheckUtils]: 63: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,372 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {32196#true} {32196#true} #1719#return; {32196#true} is VALID [2022-02-20 18:03:46,372 INFO L290 TraceCheckUtils]: 65: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,372 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {32196#true} {32196#true} #1737#return; {32196#true} is VALID [2022-02-20 18:03:46,372 INFO L272 TraceCheckUtils]: 67: Hoare triple {32196#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {32196#true} is VALID [2022-02-20 18:03:46,372 INFO L290 TraceCheckUtils]: 68: Hoare triple {32196#true} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L290 TraceCheckUtils]: 69: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L290 TraceCheckUtils]: 70: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {32196#true} {32196#true} #1739#return; {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L290 TraceCheckUtils]: 72: Hoare triple {32196#true} assume { :end_inline_setup_bob__role__Keys } true; {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L290 TraceCheckUtils]: 73: Hoare triple {32196#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L290 TraceCheckUtils]: 74: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L272 TraceCheckUtils]: 75: Hoare triple {32196#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L290 TraceCheckUtils]: 76: Hoare triple {32196#true} ~rjh___0 := #in~rjh___0; {32196#true} is VALID [2022-02-20 18:03:46,373 INFO L272 TraceCheckUtils]: 77: Hoare triple {32196#true} call setClientId(~rjh___0, ~rjh___0); {32196#true} is VALID [2022-02-20 18:03:46,374 INFO L290 TraceCheckUtils]: 78: Hoare triple {32196#true} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:46,374 INFO L290 TraceCheckUtils]: 79: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:46,374 INFO L290 TraceCheckUtils]: 80: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,374 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {32196#true} {32196#true} #1671#return; {32196#true} is VALID [2022-02-20 18:03:46,374 INFO L290 TraceCheckUtils]: 82: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,374 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {32196#true} {32196#true} #1743#return; {32196#true} is VALID [2022-02-20 18:03:46,374 INFO L272 TraceCheckUtils]: 84: Hoare triple {32196#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {32196#true} is VALID [2022-02-20 18:03:46,374 INFO L290 TraceCheckUtils]: 85: Hoare triple {32196#true} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:46,375 INFO L290 TraceCheckUtils]: 86: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:46,375 INFO L290 TraceCheckUtils]: 87: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,375 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {32196#true} {32196#true} #1745#return; {32196#true} is VALID [2022-02-20 18:03:46,375 INFO L290 TraceCheckUtils]: 89: Hoare triple {32196#true} assume { :end_inline_setup_rjh__role__Keys } true; {32196#true} is VALID [2022-02-20 18:03:46,375 INFO L290 TraceCheckUtils]: 90: Hoare triple {32196#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {32196#true} is VALID [2022-02-20 18:03:46,375 INFO L290 TraceCheckUtils]: 91: Hoare triple {32196#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {32196#true} is VALID [2022-02-20 18:03:46,375 INFO L272 TraceCheckUtils]: 92: Hoare triple {32196#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {32196#true} is VALID [2022-02-20 18:03:46,375 INFO L290 TraceCheckUtils]: 93: Hoare triple {32196#true} ~chuck___0 := #in~chuck___0; {32196#true} is VALID [2022-02-20 18:03:46,376 INFO L272 TraceCheckUtils]: 94: Hoare triple {32196#true} call setClientId(~chuck___0, ~chuck___0); {32196#true} is VALID [2022-02-20 18:03:46,376 INFO L290 TraceCheckUtils]: 95: Hoare triple {32196#true} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:46,376 INFO L290 TraceCheckUtils]: 96: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:46,376 INFO L290 TraceCheckUtils]: 97: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,376 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {32196#true} {32196#true} #1617#return; {32196#true} is VALID [2022-02-20 18:03:46,376 INFO L290 TraceCheckUtils]: 99: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,376 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {32196#true} {32196#true} #1749#return; {32196#true} is VALID [2022-02-20 18:03:46,376 INFO L272 TraceCheckUtils]: 101: Hoare triple {32196#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {32196#true} is VALID [2022-02-20 18:03:46,377 INFO L290 TraceCheckUtils]: 102: Hoare triple {32196#true} ~handle := #in~handle;~value := #in~value; {32196#true} is VALID [2022-02-20 18:03:46,377 INFO L290 TraceCheckUtils]: 103: Hoare triple {32196#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {32196#true} is VALID [2022-02-20 18:03:46,377 INFO L290 TraceCheckUtils]: 104: Hoare triple {32196#true} assume true; {32196#true} is VALID [2022-02-20 18:03:46,377 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {32196#true} {32196#true} #1751#return; {32196#true} is VALID [2022-02-20 18:03:46,377 INFO L290 TraceCheckUtils]: 106: Hoare triple {32196#true} assume { :end_inline_setup_chuck__role__Keys } true; {32196#true} is VALID [2022-02-20 18:03:46,377 INFO L290 TraceCheckUtils]: 107: Hoare triple {32196#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {32196#true} is VALID [2022-02-20 18:03:46,378 INFO L290 TraceCheckUtils]: 108: Hoare triple {32196#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {32639#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:46,378 INFO L290 TraceCheckUtils]: 109: Hoare triple {32639#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {32639#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:46,378 INFO L290 TraceCheckUtils]: 110: Hoare triple {32639#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {32639#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:46,378 INFO L290 TraceCheckUtils]: 111: Hoare triple {32639#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {32639#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:46,379 INFO L290 TraceCheckUtils]: 112: Hoare triple {32639#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {32197#false} is VALID [2022-02-20 18:03:46,379 INFO L290 TraceCheckUtils]: 113: Hoare triple {32197#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet81#1 && test_#t~nondet81#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet81#1;havoc test_#t~nondet81#1; {32197#false} is VALID [2022-02-20 18:03:46,379 INFO L290 TraceCheckUtils]: 114: Hoare triple {32197#false} assume 0 != test_~tmp___8~0#1; {32197#false} is VALID [2022-02-20 18:03:46,379 INFO L290 TraceCheckUtils]: 115: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {32197#false} is VALID [2022-02-20 18:03:46,379 INFO L290 TraceCheckUtils]: 116: Hoare triple {32197#false} test_~op2~0#1 := 1; {32197#false} is VALID [2022-02-20 18:03:46,379 INFO L290 TraceCheckUtils]: 117: Hoare triple {32197#false} assume !false; {32197#false} is VALID [2022-02-20 18:03:46,379 INFO L290 TraceCheckUtils]: 118: Hoare triple {32197#false} assume !(test_~splverifierCounter~0#1 < 4); {32197#false} is VALID [2022-02-20 18:03:46,380 INFO L290 TraceCheckUtils]: 119: Hoare triple {32197#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {32197#false} is VALID [2022-02-20 18:03:46,380 INFO L272 TraceCheckUtils]: 120: Hoare triple {32197#false} call sendEmail(~bob~0, ~rjh~0); {32197#false} is VALID [2022-02-20 18:03:46,380 INFO L290 TraceCheckUtils]: 121: Hoare triple {32197#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {32197#false} is VALID [2022-02-20 18:03:46,380 INFO L272 TraceCheckUtils]: 122: Hoare triple {32197#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {32197#false} is VALID [2022-02-20 18:03:46,380 INFO L290 TraceCheckUtils]: 123: Hoare triple {32197#false} ~handle := #in~handle;~value := #in~value; {32197#false} is VALID [2022-02-20 18:03:46,380 INFO L290 TraceCheckUtils]: 124: Hoare triple {32197#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32197#false} is VALID [2022-02-20 18:03:46,380 INFO L290 TraceCheckUtils]: 125: Hoare triple {32197#false} assume true; {32197#false} is VALID [2022-02-20 18:03:46,380 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {32197#false} {32197#false} #1639#return; {32197#false} is VALID [2022-02-20 18:03:46,381 INFO L272 TraceCheckUtils]: 127: Hoare triple {32197#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {32197#false} is VALID [2022-02-20 18:03:46,381 INFO L290 TraceCheckUtils]: 128: Hoare triple {32197#false} ~handle := #in~handle;~value := #in~value; {32197#false} is VALID [2022-02-20 18:03:46,381 INFO L290 TraceCheckUtils]: 129: Hoare triple {32197#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {32197#false} is VALID [2022-02-20 18:03:46,381 INFO L290 TraceCheckUtils]: 130: Hoare triple {32197#false} assume true; {32197#false} is VALID [2022-02-20 18:03:46,381 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {32197#false} {32197#false} #1641#return; {32197#false} is VALID [2022-02-20 18:03:46,381 INFO L290 TraceCheckUtils]: 132: Hoare triple {32197#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {32197#false} is VALID [2022-02-20 18:03:46,381 INFO L290 TraceCheckUtils]: 133: Hoare triple {32197#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {32197#false} is VALID [2022-02-20 18:03:46,381 INFO L272 TraceCheckUtils]: 134: Hoare triple {32197#false} call outgoing(~sender#1, ~email~0#1); {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L290 TraceCheckUtils]: 135: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L290 TraceCheckUtils]: 136: Hoare triple {32197#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L272 TraceCheckUtils]: 137: Hoare triple {32197#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L290 TraceCheckUtils]: 138: Hoare triple {32197#false} ~handle := #in~handle;havoc ~retValue_acc~31; {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L290 TraceCheckUtils]: 139: Hoare triple {32197#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L290 TraceCheckUtils]: 140: Hoare triple {32197#false} assume true; {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {32197#false} {32197#false} #1581#return; {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L290 TraceCheckUtils]: 142: Hoare triple {32197#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {32197#false} is VALID [2022-02-20 18:03:46,382 INFO L290 TraceCheckUtils]: 143: Hoare triple {32197#false} assume 0 == sign_~privkey~1#1; {32197#false} is VALID [2022-02-20 18:03:46,383 INFO L290 TraceCheckUtils]: 144: Hoare triple {32197#false} assume { :end_inline_sign } true; {32197#false} is VALID [2022-02-20 18:03:46,383 INFO L272 TraceCheckUtils]: 145: Hoare triple {32197#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {32197#false} is VALID [2022-02-20 18:03:46,383 INFO L290 TraceCheckUtils]: 146: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32197#false} is VALID [2022-02-20 18:03:46,383 INFO L290 TraceCheckUtils]: 147: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {32197#false} is VALID [2022-02-20 18:03:46,383 INFO L272 TraceCheckUtils]: 148: Hoare triple {32197#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {32197#false} is VALID [2022-02-20 18:03:46,383 INFO L290 TraceCheckUtils]: 149: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32197#false} is VALID [2022-02-20 18:03:46,383 INFO L290 TraceCheckUtils]: 150: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32197#false} is VALID [2022-02-20 18:03:46,383 INFO L272 TraceCheckUtils]: 151: Hoare triple {32197#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {32197#false} is VALID [2022-02-20 18:03:46,384 INFO L290 TraceCheckUtils]: 152: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {32197#false} is VALID [2022-02-20 18:03:46,384 INFO L290 TraceCheckUtils]: 153: Hoare triple {32197#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {32197#false} is VALID [2022-02-20 18:03:46,384 INFO L290 TraceCheckUtils]: 154: Hoare triple {32197#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {32197#false} is VALID [2022-02-20 18:03:46,384 INFO L272 TraceCheckUtils]: 155: Hoare triple {32197#false} call setEmailFrom(~msg#1, ~tmp~1#1); {32197#false} is VALID [2022-02-20 18:03:46,384 INFO L290 TraceCheckUtils]: 156: Hoare triple {32197#false} ~handle := #in~handle;~value := #in~value; {32197#false} is VALID [2022-02-20 18:03:46,384 INFO L290 TraceCheckUtils]: 157: Hoare triple {32197#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {32197#false} is VALID [2022-02-20 18:03:46,384 INFO L290 TraceCheckUtils]: 158: Hoare triple {32197#false} assume true; {32197#false} is VALID [2022-02-20 18:03:46,384 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {32197#false} {32197#false} #1651#return; {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L290 TraceCheckUtils]: 160: Hoare triple {32197#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L272 TraceCheckUtils]: 161: Hoare triple {32197#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L290 TraceCheckUtils]: 162: Hoare triple {32197#false} ~handle := #in~handle;havoc ~retValue_acc~8; {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L290 TraceCheckUtils]: 163: Hoare triple {32197#false} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L290 TraceCheckUtils]: 164: Hoare triple {32197#false} assume true; {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {32197#false} {32197#false} #1653#return; {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L290 TraceCheckUtils]: 166: Hoare triple {32197#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L290 TraceCheckUtils]: 167: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {32197#false} is VALID [2022-02-20 18:03:46,385 INFO L272 TraceCheckUtils]: 168: Hoare triple {32197#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {32197#false} is VALID [2022-02-20 18:03:46,386 INFO L290 TraceCheckUtils]: 169: Hoare triple {32197#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {32197#false} is VALID [2022-02-20 18:03:46,386 INFO L290 TraceCheckUtils]: 170: Hoare triple {32197#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {32197#false} is VALID [2022-02-20 18:03:46,386 INFO L272 TraceCheckUtils]: 171: Hoare triple {32197#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {32197#false} is VALID [2022-02-20 18:03:46,386 INFO L290 TraceCheckUtils]: 172: Hoare triple {32197#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {32197#false} is VALID [2022-02-20 18:03:46,386 INFO L290 TraceCheckUtils]: 173: Hoare triple {32197#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {32197#false} is VALID [2022-02-20 18:03:46,386 INFO L272 TraceCheckUtils]: 174: Hoare triple {32197#false} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {32197#false} is VALID [2022-02-20 18:03:46,386 INFO L290 TraceCheckUtils]: 175: Hoare triple {32197#false} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {32197#false} is VALID [2022-02-20 18:03:46,386 INFO L290 TraceCheckUtils]: 176: Hoare triple {32197#false} assume true; {32197#false} is VALID [2022-02-20 18:03:46,387 INFO L284 TraceCheckUtils]: 177: Hoare quadruple {32197#false} {32197#false} #1797#return; {32197#false} is VALID [2022-02-20 18:03:46,387 INFO L290 TraceCheckUtils]: 178: Hoare triple {32197#false} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {32197#false} is VALID [2022-02-20 18:03:46,387 INFO L290 TraceCheckUtils]: 179: Hoare triple {32197#false} assume true; {32197#false} is VALID [2022-02-20 18:03:46,387 INFO L284 TraceCheckUtils]: 180: Hoare quadruple {32197#false} {32197#false} #1587#return; {32197#false} is VALID [2022-02-20 18:03:46,387 INFO L290 TraceCheckUtils]: 181: Hoare triple {32197#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {32197#false} is VALID [2022-02-20 18:03:46,387 INFO L290 TraceCheckUtils]: 182: Hoare triple {32197#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {32197#false} is VALID [2022-02-20 18:03:46,387 INFO L290 TraceCheckUtils]: 183: Hoare triple {32197#false} assume !false; {32197#false} is VALID [2022-02-20 18:03:46,388 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:03:46,388 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:46,388 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1710873521] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:46,388 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:46,388 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:03:46,388 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1222310881] [2022-02-20 18:03:46,389 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:46,389 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 184 [2022-02-20 18:03:46,390 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:46,390 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:46,495 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 155 edges. 155 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:46,495 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:03:46,495 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:46,495 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:03:46,496 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:03:46,496 INFO L87 Difference]: Start difference. First operand 594 states and 849 transitions. Second operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:47,182 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:47,184 INFO L93 Difference]: Finished difference Result 1205 states and 1757 transitions. [2022-02-20 18:03:47,184 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:03:47,184 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 184 [2022-02-20 18:03:47,188 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:47,189 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:47,211 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1751 transitions. [2022-02-20 18:03:47,211 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:47,251 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1751 transitions. [2022-02-20 18:03:47,251 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1751 transitions. [2022-02-20 18:03:48,416 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1751 edges. 1751 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:48,461 INFO L225 Difference]: With dead ends: 1205 [2022-02-20 18:03:48,461 INFO L226 Difference]: Without dead ends: 692 [2022-02-20 18:03:48,462 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 237 GetRequests, 226 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:03:48,463 INFO L933 BasicCegarLoop]: 868 mSDtfsCounter, 165 mSDsluCounter, 795 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1663 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:48,463 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 1663 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:48,464 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 692 states. [2022-02-20 18:03:48,510 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 692 to 684. [2022-02-20 18:03:48,510 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:48,511 INFO L82 GeneralOperation]: Start isEquivalent. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4636015325670497) internal successors, (764), 532 states have internal predecessors, (764), 116 states have call successors, (116), 45 states have call predecessors, (116), 45 states have return successors, (115), 114 states have call predecessors, (115), 115 states have call successors, (115) [2022-02-20 18:03:48,512 INFO L74 IsIncluded]: Start isIncluded. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4636015325670497) internal successors, (764), 532 states have internal predecessors, (764), 116 states have call successors, (116), 45 states have call predecessors, (116), 45 states have return successors, (115), 114 states have call predecessors, (115), 115 states have call successors, (115) [2022-02-20 18:03:48,513 INFO L87 Difference]: Start difference. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4636015325670497) internal successors, (764), 532 states have internal predecessors, (764), 116 states have call successors, (116), 45 states have call predecessors, (116), 45 states have return successors, (115), 114 states have call predecessors, (115), 115 states have call successors, (115) [2022-02-20 18:03:48,545 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:48,545 INFO L93 Difference]: Finished difference Result 692 states and 1004 transitions. [2022-02-20 18:03:48,545 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1004 transitions. [2022-02-20 18:03:48,547 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:48,547 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:48,548 INFO L74 IsIncluded]: Start isIncluded. First operand has 684 states, 522 states have (on average 1.4636015325670497) internal successors, (764), 532 states have internal predecessors, (764), 116 states have call successors, (116), 45 states have call predecessors, (116), 45 states have return successors, (115), 114 states have call predecessors, (115), 115 states have call successors, (115) Second operand 692 states. [2022-02-20 18:03:48,549 INFO L87 Difference]: Start difference. First operand has 684 states, 522 states have (on average 1.4636015325670497) internal successors, (764), 532 states have internal predecessors, (764), 116 states have call successors, (116), 45 states have call predecessors, (116), 45 states have return successors, (115), 114 states have call predecessors, (115), 115 states have call successors, (115) Second operand 692 states. [2022-02-20 18:03:48,572 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:48,587 INFO L93 Difference]: Finished difference Result 692 states and 1004 transitions. [2022-02-20 18:03:48,587 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1004 transitions. [2022-02-20 18:03:48,589 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:48,589 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:48,589 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:48,589 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:48,590 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 684 states, 522 states have (on average 1.4636015325670497) internal successors, (764), 532 states have internal predecessors, (764), 116 states have call successors, (116), 45 states have call predecessors, (116), 45 states have return successors, (115), 114 states have call predecessors, (115), 115 states have call successors, (115) [2022-02-20 18:03:48,623 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 684 states to 684 states and 995 transitions. [2022-02-20 18:03:48,639 INFO L78 Accepts]: Start accepts. Automaton has 684 states and 995 transitions. Word has length 184 [2022-02-20 18:03:48,640 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:48,640 INFO L470 AbstractCegarLoop]: Abstraction has 684 states and 995 transitions. [2022-02-20 18:03:48,640 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (30), 2 states have call predecessors, (30), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:03:48,640 INFO L276 IsEmpty]: Start isEmpty. Operand 684 states and 995 transitions. [2022-02-20 18:03:48,642 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 186 [2022-02-20 18:03:48,642 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:48,642 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:48,681 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:48,856 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable7 [2022-02-20 18:03:48,857 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:48,857 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:48,858 INFO L85 PathProgramCache]: Analyzing trace with hash 1007104851, now seen corresponding path program 1 times [2022-02-20 18:03:48,858 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:48,858 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [638599601] [2022-02-20 18:03:48,858 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:48,858 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:48,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,952 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:48,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:48,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:48,957 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1721#return; {36846#true} is VALID [2022-02-20 18:03:48,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:48,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:48,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:48,960 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1723#return; {36846#true} is VALID [2022-02-20 18:03:48,960 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:48,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:48,962 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:48,962 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1725#return; {36846#true} is VALID [2022-02-20 18:03:48,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:48,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:48,965 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:48,965 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1727#return; {36846#true} is VALID [2022-02-20 18:03:48,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:48,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:48,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:48,968 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1729#return; {36846#true} is VALID [2022-02-20 18:03:48,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:48,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,971 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:48,971 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:48,983 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1731#return; {36846#true} is VALID [2022-02-20 18:03:48,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:48,985 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:48,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:48,987 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1733#return; {36846#true} is VALID [2022-02-20 18:03:48,987 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:48,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,990 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:48,990 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:48,990 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1735#return; {36846#true} is VALID [2022-02-20 18:03:48,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:03:48,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:48,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:48,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:48,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,000 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,000 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36846#true} #1719#return; {36846#true} is VALID [2022-02-20 18:03:49,000 INFO L290 TraceCheckUtils]: 0: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {36846#true} is VALID [2022-02-20 18:03:49,001 INFO L272 TraceCheckUtils]: 1: Hoare triple {36846#true} call setClientId(~bob___0, ~bob___0); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,001 INFO L290 TraceCheckUtils]: 3: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,001 INFO L290 TraceCheckUtils]: 4: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,001 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {36846#true} {36846#true} #1719#return; {36846#true} is VALID [2022-02-20 18:03:49,001 INFO L290 TraceCheckUtils]: 6: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,001 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {36846#true} {36846#true} #1737#return; {36846#true} is VALID [2022-02-20 18:03:49,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:03:49,024 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,026 INFO L290 TraceCheckUtils]: 0: Hoare triple {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36846#true} #1739#return; {36846#true} is VALID [2022-02-20 18:03:49,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:03:49,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:49,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,055 INFO L290 TraceCheckUtils]: 0: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36951#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:49,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {36951#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36952#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:49,056 INFO L290 TraceCheckUtils]: 2: Hoare triple {36952#(= |setClientId_#in~handle| 1)} assume true; {36952#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:49,056 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36952#(= |setClientId_#in~handle| 1)} {36945#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:49,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {36945#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:49,058 INFO L272 TraceCheckUtils]: 1: Hoare triple {36945#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36951#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:49,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {36951#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36952#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:49,059 INFO L290 TraceCheckUtils]: 4: Hoare triple {36952#(= |setClientId_#in~handle| 1)} assume true; {36952#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:49,071 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {36952#(= |setClientId_#in~handle| 1)} {36945#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:49,072 INFO L290 TraceCheckUtils]: 6: Hoare triple {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:49,072 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {36885#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1743#return; {36847#false} is VALID [2022-02-20 18:03:49,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:03:49,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,076 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,076 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36847#false} #1745#return; {36847#false} is VALID [2022-02-20 18:03:49,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:03:49,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,079 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:49,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,081 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36846#true} #1617#return; {36846#true} is VALID [2022-02-20 18:03:49,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {36846#true} is VALID [2022-02-20 18:03:49,082 INFO L272 TraceCheckUtils]: 1: Hoare triple {36846#true} call setClientId(~chuck___0, ~chuck___0); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,082 INFO L290 TraceCheckUtils]: 2: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,082 INFO L290 TraceCheckUtils]: 3: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,082 INFO L290 TraceCheckUtils]: 4: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,082 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {36846#true} {36846#true} #1617#return; {36846#true} is VALID [2022-02-20 18:03:49,082 INFO L290 TraceCheckUtils]: 6: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,082 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {36846#true} {36847#false} #1749#return; {36847#false} is VALID [2022-02-20 18:03:49,083 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:03:49,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,085 INFO L290 TraceCheckUtils]: 0: Hoare triple {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,085 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,085 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,085 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36847#false} #1751#return; {36847#false} is VALID [2022-02-20 18:03:49,093 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:03:49,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {36957#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,110 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36847#false} #1639#return; {36847#false} is VALID [2022-02-20 18:03:49,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:03:49,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,122 INFO L290 TraceCheckUtils]: 0: Hoare triple {36958#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,122 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,122 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,122 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36847#false} #1641#return; {36847#false} is VALID [2022-02-20 18:03:49,122 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 18:03:49,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,124 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} ~handle := #in~handle;havoc ~retValue_acc~31; {36846#true} is VALID [2022-02-20 18:03:49,124 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {36846#true} is VALID [2022-02-20 18:03:49,125 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,125 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36847#false} #1581#return; {36847#false} is VALID [2022-02-20 18:03:49,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 18:03:49,125 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {36957#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,127 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36847#false} #1651#return; {36847#false} is VALID [2022-02-20 18:03:49,127 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-02-20 18:03:49,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,129 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} ~handle := #in~handle;havoc ~retValue_acc~8; {36846#true} is VALID [2022-02-20 18:03:49,129 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {36846#true} is VALID [2022-02-20 18:03:49,129 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,129 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36846#true} {36847#false} #1653#return; {36847#false} is VALID [2022-02-20 18:03:49,129 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 172 [2022-02-20 18:03:49,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,148 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:49,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {36846#true} is VALID [2022-02-20 18:03:49,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,150 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {36846#true} {36846#true} #1797#return; {36846#true} is VALID [2022-02-20 18:03:49,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {36846#true} is VALID [2022-02-20 18:03:49,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {36846#true} is VALID [2022-02-20 18:03:49,151 INFO L272 TraceCheckUtils]: 2: Hoare triple {36846#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {36846#true} is VALID [2022-02-20 18:03:49,151 INFO L290 TraceCheckUtils]: 3: Hoare triple {36846#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {36846#true} is VALID [2022-02-20 18:03:49,151 INFO L290 TraceCheckUtils]: 4: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,151 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {36846#true} {36846#true} #1797#return; {36846#true} is VALID [2022-02-20 18:03:49,151 INFO L290 TraceCheckUtils]: 6: Hoare triple {36846#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {36846#true} is VALID [2022-02-20 18:03:49,151 INFO L290 TraceCheckUtils]: 7: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,152 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {36846#true} {36847#false} #1587#return; {36847#false} is VALID [2022-02-20 18:03:49,152 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {36846#true} is VALID [2022-02-20 18:03:49,152 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {36846#true} is VALID [2022-02-20 18:03:49,152 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {36846#true} is VALID [2022-02-20 18:03:49,152 INFO L272 TraceCheckUtils]: 3: Hoare triple {36846#true} call select_features_#t~ret92#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:49,152 INFO L290 TraceCheckUtils]: 4: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:49,152 INFO L290 TraceCheckUtils]: 5: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,152 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {36846#true} {36846#true} #1721#return; {36846#true} is VALID [2022-02-20 18:03:49,153 INFO L290 TraceCheckUtils]: 7: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {36846#true} is VALID [2022-02-20 18:03:49,153 INFO L272 TraceCheckUtils]: 8: Hoare triple {36846#true} call select_features_#t~ret93#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:49,153 INFO L290 TraceCheckUtils]: 9: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:49,153 INFO L290 TraceCheckUtils]: 10: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,153 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {36846#true} {36846#true} #1723#return; {36846#true} is VALID [2022-02-20 18:03:49,153 INFO L290 TraceCheckUtils]: 12: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {36846#true} is VALID [2022-02-20 18:03:49,153 INFO L272 TraceCheckUtils]: 13: Hoare triple {36846#true} call select_features_#t~ret94#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:49,153 INFO L290 TraceCheckUtils]: 14: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L290 TraceCheckUtils]: 15: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {36846#true} {36846#true} #1725#return; {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L290 TraceCheckUtils]: 17: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L272 TraceCheckUtils]: 18: Hoare triple {36846#true} call select_features_#t~ret95#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L290 TraceCheckUtils]: 19: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L290 TraceCheckUtils]: 20: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {36846#true} {36846#true} #1727#return; {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L290 TraceCheckUtils]: 22: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {36846#true} is VALID [2022-02-20 18:03:49,154 INFO L272 TraceCheckUtils]: 23: Hoare triple {36846#true} call select_features_#t~ret96#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L290 TraceCheckUtils]: 24: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L290 TraceCheckUtils]: 25: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {36846#true} {36846#true} #1729#return; {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L290 TraceCheckUtils]: 27: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L272 TraceCheckUtils]: 28: Hoare triple {36846#true} call select_features_#t~ret97#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L290 TraceCheckUtils]: 29: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L290 TraceCheckUtils]: 30: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {36846#true} {36846#true} #1731#return; {36846#true} is VALID [2022-02-20 18:03:49,155 INFO L290 TraceCheckUtils]: 32: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {36846#true} is VALID [2022-02-20 18:03:49,156 INFO L272 TraceCheckUtils]: 33: Hoare triple {36846#true} call select_features_#t~ret98#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:49,156 INFO L290 TraceCheckUtils]: 34: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:49,156 INFO L290 TraceCheckUtils]: 35: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,156 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {36846#true} {36846#true} #1733#return; {36846#true} is VALID [2022-02-20 18:03:49,156 INFO L290 TraceCheckUtils]: 37: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {36846#true} is VALID [2022-02-20 18:03:49,156 INFO L272 TraceCheckUtils]: 38: Hoare triple {36846#true} call select_features_#t~ret99#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:49,156 INFO L290 TraceCheckUtils]: 39: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:49,156 INFO L290 TraceCheckUtils]: 40: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {36846#true} {36846#true} #1735#return; {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L290 TraceCheckUtils]: 42: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L290 TraceCheckUtils]: 43: Hoare triple {36846#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L290 TraceCheckUtils]: 44: Hoare triple {36846#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L290 TraceCheckUtils]: 45: Hoare triple {36846#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L290 TraceCheckUtils]: 46: Hoare triple {36846#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L290 TraceCheckUtils]: 47: Hoare triple {36846#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L290 TraceCheckUtils]: 48: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {36846#true} is VALID [2022-02-20 18:03:49,157 INFO L290 TraceCheckUtils]: 49: Hoare triple {36846#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {36846#true} is VALID [2022-02-20 18:03:49,158 INFO L290 TraceCheckUtils]: 50: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {36846#true} is VALID [2022-02-20 18:03:49,158 INFO L290 TraceCheckUtils]: 51: Hoare triple {36846#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {36846#true} is VALID [2022-02-20 18:03:49,158 INFO L290 TraceCheckUtils]: 52: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {36846#true} is VALID [2022-02-20 18:03:49,158 INFO L290 TraceCheckUtils]: 53: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {36846#true} is VALID [2022-02-20 18:03:49,158 INFO L290 TraceCheckUtils]: 54: Hoare triple {36846#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {36846#true} is VALID [2022-02-20 18:03:49,158 INFO L290 TraceCheckUtils]: 55: Hoare triple {36846#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {36846#true} is VALID [2022-02-20 18:03:49,158 INFO L290 TraceCheckUtils]: 56: Hoare triple {36846#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {36846#true} is VALID [2022-02-20 18:03:49,158 INFO L290 TraceCheckUtils]: 57: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {36846#true} is VALID [2022-02-20 18:03:49,159 INFO L272 TraceCheckUtils]: 58: Hoare triple {36846#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,159 INFO L290 TraceCheckUtils]: 59: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {36846#true} is VALID [2022-02-20 18:03:49,160 INFO L272 TraceCheckUtils]: 60: Hoare triple {36846#true} call setClientId(~bob___0, ~bob___0); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,160 INFO L290 TraceCheckUtils]: 61: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,160 INFO L290 TraceCheckUtils]: 62: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,160 INFO L290 TraceCheckUtils]: 63: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,160 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {36846#true} {36846#true} #1719#return; {36846#true} is VALID [2022-02-20 18:03:49,160 INFO L290 TraceCheckUtils]: 65: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,160 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {36846#true} {36846#true} #1737#return; {36846#true} is VALID [2022-02-20 18:03:49,161 INFO L272 TraceCheckUtils]: 67: Hoare triple {36846#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:49,161 INFO L290 TraceCheckUtils]: 68: Hoare triple {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,161 INFO L290 TraceCheckUtils]: 69: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,161 INFO L290 TraceCheckUtils]: 70: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,161 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {36846#true} {36846#true} #1739#return; {36846#true} is VALID [2022-02-20 18:03:49,162 INFO L290 TraceCheckUtils]: 72: Hoare triple {36846#true} assume { :end_inline_setup_bob__role__Keys } true; {36846#true} is VALID [2022-02-20 18:03:49,162 INFO L290 TraceCheckUtils]: 73: Hoare triple {36846#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {36884#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:49,162 INFO L290 TraceCheckUtils]: 74: Hoare triple {36884#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {36885#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:49,163 INFO L272 TraceCheckUtils]: 75: Hoare triple {36885#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,163 INFO L290 TraceCheckUtils]: 76: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {36945#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:49,164 INFO L272 TraceCheckUtils]: 77: Hoare triple {36945#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,164 INFO L290 TraceCheckUtils]: 78: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36951#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:49,165 INFO L290 TraceCheckUtils]: 79: Hoare triple {36951#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36952#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:49,165 INFO L290 TraceCheckUtils]: 80: Hoare triple {36952#(= |setClientId_#in~handle| 1)} assume true; {36952#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:49,165 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {36952#(= |setClientId_#in~handle| 1)} {36945#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:49,166 INFO L290 TraceCheckUtils]: 82: Hoare triple {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:49,166 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {36950#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {36885#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1743#return; {36847#false} is VALID [2022-02-20 18:03:49,166 INFO L272 TraceCheckUtils]: 84: Hoare triple {36847#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:49,166 INFO L290 TraceCheckUtils]: 85: Hoare triple {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,166 INFO L290 TraceCheckUtils]: 86: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,167 INFO L290 TraceCheckUtils]: 87: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,167 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {36846#true} {36847#false} #1745#return; {36847#false} is VALID [2022-02-20 18:03:49,167 INFO L290 TraceCheckUtils]: 89: Hoare triple {36847#false} assume { :end_inline_setup_rjh__role__Keys } true; {36847#false} is VALID [2022-02-20 18:03:49,167 INFO L290 TraceCheckUtils]: 90: Hoare triple {36847#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {36847#false} is VALID [2022-02-20 18:03:49,167 INFO L290 TraceCheckUtils]: 91: Hoare triple {36847#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {36847#false} is VALID [2022-02-20 18:03:49,167 INFO L272 TraceCheckUtils]: 92: Hoare triple {36847#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,167 INFO L290 TraceCheckUtils]: 93: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {36846#true} is VALID [2022-02-20 18:03:49,168 INFO L272 TraceCheckUtils]: 94: Hoare triple {36846#true} call setClientId(~chuck___0, ~chuck___0); {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:49,168 INFO L290 TraceCheckUtils]: 95: Hoare triple {36939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,168 INFO L290 TraceCheckUtils]: 96: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,168 INFO L290 TraceCheckUtils]: 97: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,168 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {36846#true} {36846#true} #1617#return; {36846#true} is VALID [2022-02-20 18:03:49,168 INFO L290 TraceCheckUtils]: 99: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,169 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {36846#true} {36847#false} #1749#return; {36847#false} is VALID [2022-02-20 18:03:49,169 INFO L272 TraceCheckUtils]: 101: Hoare triple {36847#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:49,169 INFO L290 TraceCheckUtils]: 102: Hoare triple {36944#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,169 INFO L290 TraceCheckUtils]: 103: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,169 INFO L290 TraceCheckUtils]: 104: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,169 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {36846#true} {36847#false} #1751#return; {36847#false} is VALID [2022-02-20 18:03:49,169 INFO L290 TraceCheckUtils]: 106: Hoare triple {36847#false} assume { :end_inline_setup_chuck__role__Keys } true; {36847#false} is VALID [2022-02-20 18:03:49,169 INFO L290 TraceCheckUtils]: 107: Hoare triple {36847#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {36847#false} is VALID [2022-02-20 18:03:49,169 INFO L290 TraceCheckUtils]: 108: Hoare triple {36847#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {36847#false} is VALID [2022-02-20 18:03:49,170 INFO L290 TraceCheckUtils]: 109: Hoare triple {36847#false} assume !false; {36847#false} is VALID [2022-02-20 18:03:49,170 INFO L290 TraceCheckUtils]: 110: Hoare triple {36847#false} assume test_~splverifierCounter~0#1 < 4; {36847#false} is VALID [2022-02-20 18:03:49,170 INFO L290 TraceCheckUtils]: 111: Hoare triple {36847#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {36847#false} is VALID [2022-02-20 18:03:49,170 INFO L290 TraceCheckUtils]: 112: Hoare triple {36847#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet80#1 && test_#t~nondet80#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet80#1;havoc test_#t~nondet80#1; {36847#false} is VALID [2022-02-20 18:03:49,170 INFO L290 TraceCheckUtils]: 113: Hoare triple {36847#false} assume !(0 != test_~tmp___9~0#1); {36847#false} is VALID [2022-02-20 18:03:49,170 INFO L290 TraceCheckUtils]: 114: Hoare triple {36847#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet81#1 && test_#t~nondet81#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet81#1;havoc test_#t~nondet81#1; {36847#false} is VALID [2022-02-20 18:03:49,170 INFO L290 TraceCheckUtils]: 115: Hoare triple {36847#false} assume 0 != test_~tmp___8~0#1; {36847#false} is VALID [2022-02-20 18:03:49,170 INFO L290 TraceCheckUtils]: 116: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {36847#false} is VALID [2022-02-20 18:03:49,171 INFO L290 TraceCheckUtils]: 117: Hoare triple {36847#false} test_~op2~0#1 := 1; {36847#false} is VALID [2022-02-20 18:03:49,171 INFO L290 TraceCheckUtils]: 118: Hoare triple {36847#false} assume !false; {36847#false} is VALID [2022-02-20 18:03:49,171 INFO L290 TraceCheckUtils]: 119: Hoare triple {36847#false} assume !(test_~splverifierCounter~0#1 < 4); {36847#false} is VALID [2022-02-20 18:03:49,171 INFO L290 TraceCheckUtils]: 120: Hoare triple {36847#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {36847#false} is VALID [2022-02-20 18:03:49,171 INFO L272 TraceCheckUtils]: 121: Hoare triple {36847#false} call sendEmail(~bob~0, ~rjh~0); {36847#false} is VALID [2022-02-20 18:03:49,171 INFO L290 TraceCheckUtils]: 122: Hoare triple {36847#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {36847#false} is VALID [2022-02-20 18:03:49,187 INFO L272 TraceCheckUtils]: 123: Hoare triple {36847#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {36957#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:49,187 INFO L290 TraceCheckUtils]: 124: Hoare triple {36957#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,187 INFO L290 TraceCheckUtils]: 125: Hoare triple {36846#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,187 INFO L290 TraceCheckUtils]: 126: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,188 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {36846#true} {36847#false} #1639#return; {36847#false} is VALID [2022-02-20 18:03:49,188 INFO L272 TraceCheckUtils]: 128: Hoare triple {36847#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {36958#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:49,188 INFO L290 TraceCheckUtils]: 129: Hoare triple {36958#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,188 INFO L290 TraceCheckUtils]: 130: Hoare triple {36846#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,188 INFO L290 TraceCheckUtils]: 131: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,188 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {36846#true} {36847#false} #1641#return; {36847#false} is VALID [2022-02-20 18:03:49,188 INFO L290 TraceCheckUtils]: 133: Hoare triple {36847#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {36847#false} is VALID [2022-02-20 18:03:49,188 INFO L290 TraceCheckUtils]: 134: Hoare triple {36847#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {36847#false} is VALID [2022-02-20 18:03:49,188 INFO L272 TraceCheckUtils]: 135: Hoare triple {36847#false} call outgoing(~sender#1, ~email~0#1); {36847#false} is VALID [2022-02-20 18:03:49,189 INFO L290 TraceCheckUtils]: 136: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {36847#false} is VALID [2022-02-20 18:03:49,189 INFO L290 TraceCheckUtils]: 137: Hoare triple {36847#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {36847#false} is VALID [2022-02-20 18:03:49,189 INFO L272 TraceCheckUtils]: 138: Hoare triple {36847#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {36846#true} is VALID [2022-02-20 18:03:49,189 INFO L290 TraceCheckUtils]: 139: Hoare triple {36846#true} ~handle := #in~handle;havoc ~retValue_acc~31; {36846#true} is VALID [2022-02-20 18:03:49,189 INFO L290 TraceCheckUtils]: 140: Hoare triple {36846#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {36846#true} is VALID [2022-02-20 18:03:49,189 INFO L290 TraceCheckUtils]: 141: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,189 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {36846#true} {36847#false} #1581#return; {36847#false} is VALID [2022-02-20 18:03:49,189 INFO L290 TraceCheckUtils]: 143: Hoare triple {36847#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L290 TraceCheckUtils]: 144: Hoare triple {36847#false} assume 0 == sign_~privkey~1#1; {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L290 TraceCheckUtils]: 145: Hoare triple {36847#false} assume { :end_inline_sign } true; {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L272 TraceCheckUtils]: 146: Hoare triple {36847#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L290 TraceCheckUtils]: 147: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L290 TraceCheckUtils]: 148: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L272 TraceCheckUtils]: 149: Hoare triple {36847#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L290 TraceCheckUtils]: 150: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L290 TraceCheckUtils]: 151: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {36847#false} is VALID [2022-02-20 18:03:49,190 INFO L272 TraceCheckUtils]: 152: Hoare triple {36847#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {36847#false} is VALID [2022-02-20 18:03:49,191 INFO L290 TraceCheckUtils]: 153: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {36847#false} is VALID [2022-02-20 18:03:49,191 INFO L290 TraceCheckUtils]: 154: Hoare triple {36847#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {36847#false} is VALID [2022-02-20 18:03:49,191 INFO L290 TraceCheckUtils]: 155: Hoare triple {36847#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {36847#false} is VALID [2022-02-20 18:03:49,191 INFO L272 TraceCheckUtils]: 156: Hoare triple {36847#false} call setEmailFrom(~msg#1, ~tmp~1#1); {36957#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:49,191 INFO L290 TraceCheckUtils]: 157: Hoare triple {36957#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:49,191 INFO L290 TraceCheckUtils]: 158: Hoare triple {36846#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:49,191 INFO L290 TraceCheckUtils]: 159: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,191 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {36846#true} {36847#false} #1651#return; {36847#false} is VALID [2022-02-20 18:03:49,192 INFO L290 TraceCheckUtils]: 161: Hoare triple {36847#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {36847#false} is VALID [2022-02-20 18:03:49,192 INFO L272 TraceCheckUtils]: 162: Hoare triple {36847#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {36846#true} is VALID [2022-02-20 18:03:49,192 INFO L290 TraceCheckUtils]: 163: Hoare triple {36846#true} ~handle := #in~handle;havoc ~retValue_acc~8; {36846#true} is VALID [2022-02-20 18:03:49,192 INFO L290 TraceCheckUtils]: 164: Hoare triple {36846#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {36846#true} is VALID [2022-02-20 18:03:49,192 INFO L290 TraceCheckUtils]: 165: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,192 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {36846#true} {36847#false} #1653#return; {36847#false} is VALID [2022-02-20 18:03:49,192 INFO L290 TraceCheckUtils]: 167: Hoare triple {36847#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {36847#false} is VALID [2022-02-20 18:03:49,192 INFO L290 TraceCheckUtils]: 168: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {36847#false} is VALID [2022-02-20 18:03:49,192 INFO L272 TraceCheckUtils]: 169: Hoare triple {36847#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {36847#false} is VALID [2022-02-20 18:03:49,193 INFO L290 TraceCheckUtils]: 170: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {36847#false} is VALID [2022-02-20 18:03:49,193 INFO L290 TraceCheckUtils]: 171: Hoare triple {36847#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {36847#false} is VALID [2022-02-20 18:03:49,193 INFO L272 TraceCheckUtils]: 172: Hoare triple {36847#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {36846#true} is VALID [2022-02-20 18:03:49,193 INFO L290 TraceCheckUtils]: 173: Hoare triple {36846#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {36846#true} is VALID [2022-02-20 18:03:49,193 INFO L290 TraceCheckUtils]: 174: Hoare triple {36846#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {36846#true} is VALID [2022-02-20 18:03:49,193 INFO L272 TraceCheckUtils]: 175: Hoare triple {36846#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {36846#true} is VALID [2022-02-20 18:03:49,193 INFO L290 TraceCheckUtils]: 176: Hoare triple {36846#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {36846#true} is VALID [2022-02-20 18:03:49,193 INFO L290 TraceCheckUtils]: 177: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,193 INFO L284 TraceCheckUtils]: 178: Hoare quadruple {36846#true} {36846#true} #1797#return; {36846#true} is VALID [2022-02-20 18:03:49,194 INFO L290 TraceCheckUtils]: 179: Hoare triple {36846#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {36846#true} is VALID [2022-02-20 18:03:49,194 INFO L290 TraceCheckUtils]: 180: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:49,194 INFO L284 TraceCheckUtils]: 181: Hoare quadruple {36846#true} {36847#false} #1587#return; {36847#false} is VALID [2022-02-20 18:03:49,194 INFO L290 TraceCheckUtils]: 182: Hoare triple {36847#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {36847#false} is VALID [2022-02-20 18:03:49,194 INFO L290 TraceCheckUtils]: 183: Hoare triple {36847#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {36847#false} is VALID [2022-02-20 18:03:49,194 INFO L290 TraceCheckUtils]: 184: Hoare triple {36847#false} assume !false; {36847#false} is VALID [2022-02-20 18:03:49,195 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 18:03:49,195 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:49,195 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [638599601] [2022-02-20 18:03:49,195 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [638599601] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:49,195 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1354407911] [2022-02-20 18:03:49,195 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:49,195 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:49,196 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:49,197 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:49,208 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:03:49,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,493 INFO L263 TraceCheckSpWp]: Trace formula consists of 1510 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 18:03:49,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:49,555 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:50,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {36846#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {36846#true} is VALID [2022-02-20 18:03:50,154 INFO L290 TraceCheckUtils]: 1: Hoare triple {36846#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {36846#true} is VALID [2022-02-20 18:03:50,154 INFO L290 TraceCheckUtils]: 2: Hoare triple {36846#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {36846#true} is VALID [2022-02-20 18:03:50,154 INFO L272 TraceCheckUtils]: 3: Hoare triple {36846#true} call select_features_#t~ret92#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:50,154 INFO L290 TraceCheckUtils]: 4: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:50,154 INFO L290 TraceCheckUtils]: 5: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {36846#true} {36846#true} #1721#return; {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L290 TraceCheckUtils]: 7: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L272 TraceCheckUtils]: 8: Hoare triple {36846#true} call select_features_#t~ret93#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L290 TraceCheckUtils]: 9: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L290 TraceCheckUtils]: 10: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {36846#true} {36846#true} #1723#return; {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L290 TraceCheckUtils]: 12: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L272 TraceCheckUtils]: 13: Hoare triple {36846#true} call select_features_#t~ret94#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:50,155 INFO L290 TraceCheckUtils]: 14: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:50,156 INFO L290 TraceCheckUtils]: 15: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,156 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {36846#true} {36846#true} #1725#return; {36846#true} is VALID [2022-02-20 18:03:50,156 INFO L290 TraceCheckUtils]: 17: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {36846#true} is VALID [2022-02-20 18:03:50,156 INFO L272 TraceCheckUtils]: 18: Hoare triple {36846#true} call select_features_#t~ret95#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:50,156 INFO L290 TraceCheckUtils]: 19: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:50,156 INFO L290 TraceCheckUtils]: 20: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,156 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {36846#true} {36846#true} #1727#return; {36846#true} is VALID [2022-02-20 18:03:50,156 INFO L290 TraceCheckUtils]: 22: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L272 TraceCheckUtils]: 23: Hoare triple {36846#true} call select_features_#t~ret96#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L290 TraceCheckUtils]: 24: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L290 TraceCheckUtils]: 25: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {36846#true} {36846#true} #1729#return; {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L290 TraceCheckUtils]: 27: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L272 TraceCheckUtils]: 28: Hoare triple {36846#true} call select_features_#t~ret97#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L290 TraceCheckUtils]: 29: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L290 TraceCheckUtils]: 30: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,157 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {36846#true} {36846#true} #1731#return; {36846#true} is VALID [2022-02-20 18:03:50,158 INFO L290 TraceCheckUtils]: 32: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {36846#true} is VALID [2022-02-20 18:03:50,158 INFO L272 TraceCheckUtils]: 33: Hoare triple {36846#true} call select_features_#t~ret98#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:50,158 INFO L290 TraceCheckUtils]: 34: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:50,158 INFO L290 TraceCheckUtils]: 35: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,158 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {36846#true} {36846#true} #1733#return; {36846#true} is VALID [2022-02-20 18:03:50,158 INFO L290 TraceCheckUtils]: 37: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {36846#true} is VALID [2022-02-20 18:03:50,158 INFO L272 TraceCheckUtils]: 38: Hoare triple {36846#true} call select_features_#t~ret99#1 := select_one(); {36846#true} is VALID [2022-02-20 18:03:50,158 INFO L290 TraceCheckUtils]: 39: Hoare triple {36846#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L290 TraceCheckUtils]: 40: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {36846#true} {36846#true} #1735#return; {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L290 TraceCheckUtils]: 42: Hoare triple {36846#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L290 TraceCheckUtils]: 43: Hoare triple {36846#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L290 TraceCheckUtils]: 44: Hoare triple {36846#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L290 TraceCheckUtils]: 45: Hoare triple {36846#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L290 TraceCheckUtils]: 46: Hoare triple {36846#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L290 TraceCheckUtils]: 47: Hoare triple {36846#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {36846#true} is VALID [2022-02-20 18:03:50,159 INFO L290 TraceCheckUtils]: 48: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {36846#true} is VALID [2022-02-20 18:03:50,160 INFO L290 TraceCheckUtils]: 49: Hoare triple {36846#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {36846#true} is VALID [2022-02-20 18:03:50,160 INFO L290 TraceCheckUtils]: 50: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {36846#true} is VALID [2022-02-20 18:03:50,160 INFO L290 TraceCheckUtils]: 51: Hoare triple {36846#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {36846#true} is VALID [2022-02-20 18:03:50,160 INFO L290 TraceCheckUtils]: 52: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {36846#true} is VALID [2022-02-20 18:03:50,160 INFO L290 TraceCheckUtils]: 53: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {36846#true} is VALID [2022-02-20 18:03:50,160 INFO L290 TraceCheckUtils]: 54: Hoare triple {36846#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {36846#true} is VALID [2022-02-20 18:03:50,160 INFO L290 TraceCheckUtils]: 55: Hoare triple {36846#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {36846#true} is VALID [2022-02-20 18:03:50,160 INFO L290 TraceCheckUtils]: 56: Hoare triple {36846#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L290 TraceCheckUtils]: 57: Hoare triple {36846#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L272 TraceCheckUtils]: 58: Hoare triple {36846#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L290 TraceCheckUtils]: 59: Hoare triple {36846#true} ~bob___0 := #in~bob___0; {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L272 TraceCheckUtils]: 60: Hoare triple {36846#true} call setClientId(~bob___0, ~bob___0); {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L290 TraceCheckUtils]: 61: Hoare triple {36846#true} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L290 TraceCheckUtils]: 62: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L290 TraceCheckUtils]: 63: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {36846#true} {36846#true} #1719#return; {36846#true} is VALID [2022-02-20 18:03:50,161 INFO L290 TraceCheckUtils]: 65: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,162 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {36846#true} {36846#true} #1737#return; {36846#true} is VALID [2022-02-20 18:03:50,162 INFO L272 TraceCheckUtils]: 67: Hoare triple {36846#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {36846#true} is VALID [2022-02-20 18:03:50,162 INFO L290 TraceCheckUtils]: 68: Hoare triple {36846#true} ~handle := #in~handle;~value := #in~value; {36846#true} is VALID [2022-02-20 18:03:50,162 INFO L290 TraceCheckUtils]: 69: Hoare triple {36846#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36846#true} is VALID [2022-02-20 18:03:50,162 INFO L290 TraceCheckUtils]: 70: Hoare triple {36846#true} assume true; {36846#true} is VALID [2022-02-20 18:03:50,162 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {36846#true} {36846#true} #1739#return; {36846#true} is VALID [2022-02-20 18:03:50,162 INFO L290 TraceCheckUtils]: 72: Hoare triple {36846#true} assume { :end_inline_setup_bob__role__Keys } true; {36846#true} is VALID [2022-02-20 18:03:50,163 INFO L290 TraceCheckUtils]: 73: Hoare triple {36846#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {37184#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:03:50,163 INFO L290 TraceCheckUtils]: 74: Hoare triple {37184#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {37188#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:03:50,163 INFO L272 TraceCheckUtils]: 75: Hoare triple {37188#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {36846#true} is VALID [2022-02-20 18:03:50,164 INFO L290 TraceCheckUtils]: 76: Hoare triple {36846#true} ~rjh___0 := #in~rjh___0; {37195#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 18:03:50,164 INFO L272 TraceCheckUtils]: 77: Hoare triple {37195#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {36846#true} is VALID [2022-02-20 18:03:50,164 INFO L290 TraceCheckUtils]: 78: Hoare triple {36846#true} ~handle := #in~handle;~value := #in~value; {37202#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:03:50,165 INFO L290 TraceCheckUtils]: 79: Hoare triple {37202#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {37206#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:50,165 INFO L290 TraceCheckUtils]: 80: Hoare triple {37206#(<= |setClientId_#in~handle| 1)} assume true; {37206#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:50,166 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {37206#(<= |setClientId_#in~handle| 1)} {37195#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1671#return; {37213#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:50,166 INFO L290 TraceCheckUtils]: 82: Hoare triple {37213#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {37213#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:03:50,166 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {37213#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {37188#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1743#return; {36847#false} is VALID [2022-02-20 18:03:50,166 INFO L272 TraceCheckUtils]: 84: Hoare triple {36847#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {36847#false} is VALID [2022-02-20 18:03:50,167 INFO L290 TraceCheckUtils]: 85: Hoare triple {36847#false} ~handle := #in~handle;~value := #in~value; {36847#false} is VALID [2022-02-20 18:03:50,167 INFO L290 TraceCheckUtils]: 86: Hoare triple {36847#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36847#false} is VALID [2022-02-20 18:03:50,167 INFO L290 TraceCheckUtils]: 87: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,167 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {36847#false} {36847#false} #1745#return; {36847#false} is VALID [2022-02-20 18:03:50,167 INFO L290 TraceCheckUtils]: 89: Hoare triple {36847#false} assume { :end_inline_setup_rjh__role__Keys } true; {36847#false} is VALID [2022-02-20 18:03:50,167 INFO L290 TraceCheckUtils]: 90: Hoare triple {36847#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {36847#false} is VALID [2022-02-20 18:03:50,167 INFO L290 TraceCheckUtils]: 91: Hoare triple {36847#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {36847#false} is VALID [2022-02-20 18:03:50,167 INFO L272 TraceCheckUtils]: 92: Hoare triple {36847#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {36847#false} is VALID [2022-02-20 18:03:50,168 INFO L290 TraceCheckUtils]: 93: Hoare triple {36847#false} ~chuck___0 := #in~chuck___0; {36847#false} is VALID [2022-02-20 18:03:50,168 INFO L272 TraceCheckUtils]: 94: Hoare triple {36847#false} call setClientId(~chuck___0, ~chuck___0); {36847#false} is VALID [2022-02-20 18:03:50,168 INFO L290 TraceCheckUtils]: 95: Hoare triple {36847#false} ~handle := #in~handle;~value := #in~value; {36847#false} is VALID [2022-02-20 18:03:50,168 INFO L290 TraceCheckUtils]: 96: Hoare triple {36847#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36847#false} is VALID [2022-02-20 18:03:50,168 INFO L290 TraceCheckUtils]: 97: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,168 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {36847#false} {36847#false} #1617#return; {36847#false} is VALID [2022-02-20 18:03:50,168 INFO L290 TraceCheckUtils]: 99: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,168 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {36847#false} {36847#false} #1749#return; {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L272 TraceCheckUtils]: 101: Hoare triple {36847#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L290 TraceCheckUtils]: 102: Hoare triple {36847#false} ~handle := #in~handle;~value := #in~value; {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L290 TraceCheckUtils]: 103: Hoare triple {36847#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L290 TraceCheckUtils]: 104: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {36847#false} {36847#false} #1751#return; {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L290 TraceCheckUtils]: 106: Hoare triple {36847#false} assume { :end_inline_setup_chuck__role__Keys } true; {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L290 TraceCheckUtils]: 107: Hoare triple {36847#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L290 TraceCheckUtils]: 108: Hoare triple {36847#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {36847#false} is VALID [2022-02-20 18:03:50,169 INFO L290 TraceCheckUtils]: 109: Hoare triple {36847#false} assume !false; {36847#false} is VALID [2022-02-20 18:03:50,170 INFO L290 TraceCheckUtils]: 110: Hoare triple {36847#false} assume test_~splverifierCounter~0#1 < 4; {36847#false} is VALID [2022-02-20 18:03:50,170 INFO L290 TraceCheckUtils]: 111: Hoare triple {36847#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {36847#false} is VALID [2022-02-20 18:03:50,170 INFO L290 TraceCheckUtils]: 112: Hoare triple {36847#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet80#1 && test_#t~nondet80#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet80#1;havoc test_#t~nondet80#1; {36847#false} is VALID [2022-02-20 18:03:50,170 INFO L290 TraceCheckUtils]: 113: Hoare triple {36847#false} assume !(0 != test_~tmp___9~0#1); {36847#false} is VALID [2022-02-20 18:03:50,170 INFO L290 TraceCheckUtils]: 114: Hoare triple {36847#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet81#1 && test_#t~nondet81#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet81#1;havoc test_#t~nondet81#1; {36847#false} is VALID [2022-02-20 18:03:50,170 INFO L290 TraceCheckUtils]: 115: Hoare triple {36847#false} assume 0 != test_~tmp___8~0#1; {36847#false} is VALID [2022-02-20 18:03:50,170 INFO L290 TraceCheckUtils]: 116: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {36847#false} is VALID [2022-02-20 18:03:50,170 INFO L290 TraceCheckUtils]: 117: Hoare triple {36847#false} test_~op2~0#1 := 1; {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L290 TraceCheckUtils]: 118: Hoare triple {36847#false} assume !false; {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L290 TraceCheckUtils]: 119: Hoare triple {36847#false} assume !(test_~splverifierCounter~0#1 < 4); {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L290 TraceCheckUtils]: 120: Hoare triple {36847#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L272 TraceCheckUtils]: 121: Hoare triple {36847#false} call sendEmail(~bob~0, ~rjh~0); {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L290 TraceCheckUtils]: 122: Hoare triple {36847#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L272 TraceCheckUtils]: 123: Hoare triple {36847#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L290 TraceCheckUtils]: 124: Hoare triple {36847#false} ~handle := #in~handle;~value := #in~value; {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L290 TraceCheckUtils]: 125: Hoare triple {36847#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36847#false} is VALID [2022-02-20 18:03:50,171 INFO L290 TraceCheckUtils]: 126: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,172 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {36847#false} {36847#false} #1639#return; {36847#false} is VALID [2022-02-20 18:03:50,172 INFO L272 TraceCheckUtils]: 128: Hoare triple {36847#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {36847#false} is VALID [2022-02-20 18:03:50,172 INFO L290 TraceCheckUtils]: 129: Hoare triple {36847#false} ~handle := #in~handle;~value := #in~value; {36847#false} is VALID [2022-02-20 18:03:50,172 INFO L290 TraceCheckUtils]: 130: Hoare triple {36847#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {36847#false} is VALID [2022-02-20 18:03:50,172 INFO L290 TraceCheckUtils]: 131: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,172 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {36847#false} {36847#false} #1641#return; {36847#false} is VALID [2022-02-20 18:03:50,172 INFO L290 TraceCheckUtils]: 133: Hoare triple {36847#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {36847#false} is VALID [2022-02-20 18:03:50,172 INFO L290 TraceCheckUtils]: 134: Hoare triple {36847#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L272 TraceCheckUtils]: 135: Hoare triple {36847#false} call outgoing(~sender#1, ~email~0#1); {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L290 TraceCheckUtils]: 136: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L290 TraceCheckUtils]: 137: Hoare triple {36847#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L272 TraceCheckUtils]: 138: Hoare triple {36847#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L290 TraceCheckUtils]: 139: Hoare triple {36847#false} ~handle := #in~handle;havoc ~retValue_acc~31; {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L290 TraceCheckUtils]: 140: Hoare triple {36847#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L290 TraceCheckUtils]: 141: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {36847#false} {36847#false} #1581#return; {36847#false} is VALID [2022-02-20 18:03:50,173 INFO L290 TraceCheckUtils]: 143: Hoare triple {36847#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {36847#false} is VALID [2022-02-20 18:03:50,174 INFO L290 TraceCheckUtils]: 144: Hoare triple {36847#false} assume 0 == sign_~privkey~1#1; {36847#false} is VALID [2022-02-20 18:03:50,174 INFO L290 TraceCheckUtils]: 145: Hoare triple {36847#false} assume { :end_inline_sign } true; {36847#false} is VALID [2022-02-20 18:03:50,174 INFO L272 TraceCheckUtils]: 146: Hoare triple {36847#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {36847#false} is VALID [2022-02-20 18:03:50,174 INFO L290 TraceCheckUtils]: 147: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {36847#false} is VALID [2022-02-20 18:03:50,174 INFO L290 TraceCheckUtils]: 148: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {36847#false} is VALID [2022-02-20 18:03:50,174 INFO L272 TraceCheckUtils]: 149: Hoare triple {36847#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {36847#false} is VALID [2022-02-20 18:03:50,174 INFO L290 TraceCheckUtils]: 150: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {36847#false} is VALID [2022-02-20 18:03:50,174 INFO L290 TraceCheckUtils]: 151: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L272 TraceCheckUtils]: 152: Hoare triple {36847#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L290 TraceCheckUtils]: 153: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L290 TraceCheckUtils]: 154: Hoare triple {36847#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L290 TraceCheckUtils]: 155: Hoare triple {36847#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L272 TraceCheckUtils]: 156: Hoare triple {36847#false} call setEmailFrom(~msg#1, ~tmp~1#1); {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L290 TraceCheckUtils]: 157: Hoare triple {36847#false} ~handle := #in~handle;~value := #in~value; {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L290 TraceCheckUtils]: 158: Hoare triple {36847#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L290 TraceCheckUtils]: 159: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,175 INFO L284 TraceCheckUtils]: 160: Hoare quadruple {36847#false} {36847#false} #1651#return; {36847#false} is VALID [2022-02-20 18:03:50,176 INFO L290 TraceCheckUtils]: 161: Hoare triple {36847#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {36847#false} is VALID [2022-02-20 18:03:50,176 INFO L272 TraceCheckUtils]: 162: Hoare triple {36847#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {36847#false} is VALID [2022-02-20 18:03:50,176 INFO L290 TraceCheckUtils]: 163: Hoare triple {36847#false} ~handle := #in~handle;havoc ~retValue_acc~8; {36847#false} is VALID [2022-02-20 18:03:50,176 INFO L290 TraceCheckUtils]: 164: Hoare triple {36847#false} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {36847#false} is VALID [2022-02-20 18:03:50,176 INFO L290 TraceCheckUtils]: 165: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,176 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {36847#false} {36847#false} #1653#return; {36847#false} is VALID [2022-02-20 18:03:50,176 INFO L290 TraceCheckUtils]: 167: Hoare triple {36847#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {36847#false} is VALID [2022-02-20 18:03:50,176 INFO L290 TraceCheckUtils]: 168: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L272 TraceCheckUtils]: 169: Hoare triple {36847#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L290 TraceCheckUtils]: 170: Hoare triple {36847#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L290 TraceCheckUtils]: 171: Hoare triple {36847#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L272 TraceCheckUtils]: 172: Hoare triple {36847#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L290 TraceCheckUtils]: 173: Hoare triple {36847#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L290 TraceCheckUtils]: 174: Hoare triple {36847#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L272 TraceCheckUtils]: 175: Hoare triple {36847#false} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L290 TraceCheckUtils]: 176: Hoare triple {36847#false} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {36847#false} is VALID [2022-02-20 18:03:50,177 INFO L290 TraceCheckUtils]: 177: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,178 INFO L284 TraceCheckUtils]: 178: Hoare quadruple {36847#false} {36847#false} #1797#return; {36847#false} is VALID [2022-02-20 18:03:50,178 INFO L290 TraceCheckUtils]: 179: Hoare triple {36847#false} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {36847#false} is VALID [2022-02-20 18:03:50,178 INFO L290 TraceCheckUtils]: 180: Hoare triple {36847#false} assume true; {36847#false} is VALID [2022-02-20 18:03:50,178 INFO L284 TraceCheckUtils]: 181: Hoare quadruple {36847#false} {36847#false} #1587#return; {36847#false} is VALID [2022-02-20 18:03:50,178 INFO L290 TraceCheckUtils]: 182: Hoare triple {36847#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {36847#false} is VALID [2022-02-20 18:03:50,178 INFO L290 TraceCheckUtils]: 183: Hoare triple {36847#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {36847#false} is VALID [2022-02-20 18:03:50,178 INFO L290 TraceCheckUtils]: 184: Hoare triple {36847#false} assume !false; {36847#false} is VALID [2022-02-20 18:03:50,179 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 18:03:50,179 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:50,179 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1354407911] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:50,179 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:50,179 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [12] total 18 [2022-02-20 18:03:50,179 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1753910469] [2022-02-20 18:03:50,180 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:50,180 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 185 [2022-02-20 18:03:50,180 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:50,181 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2022-02-20 18:03:50,315 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 164 edges. 164 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:50,316 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:03:50,316 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:50,316 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:03:50,316 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=267, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:03:50,316 INFO L87 Difference]: Start difference. First operand 684 states and 995 transitions. Second operand has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2022-02-20 18:03:52,809 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:52,809 INFO L93 Difference]: Finished difference Result 1312 states and 1925 transitions. [2022-02-20 18:03:52,810 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:03:52,810 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 185 [2022-02-20 18:03:52,810 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:52,810 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2022-02-20 18:03:52,821 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1625 transitions. [2022-02-20 18:03:52,822 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2022-02-20 18:03:52,832 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1625 transitions. [2022-02-20 18:03:52,833 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 1625 transitions. [2022-02-20 18:03:53,926 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1625 edges. 1625 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:53,947 INFO L225 Difference]: With dead ends: 1312 [2022-02-20 18:03:53,947 INFO L226 Difference]: Without dead ends: 686 [2022-02-20 18:03:53,949 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 241 GetRequests, 222 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=51, Invalid=369, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:03:53,950 INFO L933 BasicCegarLoop]: 832 mSDtfsCounter, 363 mSDsluCounter, 4583 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 44 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 365 SdHoareTripleChecker+Valid, 5415 SdHoareTripleChecker+Invalid, 119 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 44 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:53,950 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [365 Valid, 5415 Invalid, 119 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [44 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:03:53,951 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 686 states. [2022-02-20 18:03:54,051 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 686 to 686. [2022-02-20 18:03:54,052 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:54,053 INFO L82 GeneralOperation]: Start isEquivalent. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.462715105162524) internal successors, (765), 534 states have internal predecessors, (765), 116 states have call successors, (116), 45 states have call predecessors, (116), 46 states have return successors, (117), 114 states have call predecessors, (117), 115 states have call successors, (117) [2022-02-20 18:03:54,054 INFO L74 IsIncluded]: Start isIncluded. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.462715105162524) internal successors, (765), 534 states have internal predecessors, (765), 116 states have call successors, (116), 45 states have call predecessors, (116), 46 states have return successors, (117), 114 states have call predecessors, (117), 115 states have call successors, (117) [2022-02-20 18:03:54,055 INFO L87 Difference]: Start difference. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.462715105162524) internal successors, (765), 534 states have internal predecessors, (765), 116 states have call successors, (116), 45 states have call predecessors, (116), 46 states have return successors, (117), 114 states have call predecessors, (117), 115 states have call successors, (117) [2022-02-20 18:03:54,069 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:54,070 INFO L93 Difference]: Finished difference Result 686 states and 998 transitions. [2022-02-20 18:03:54,070 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 998 transitions. [2022-02-20 18:03:54,071 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:54,071 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:54,072 INFO L74 IsIncluded]: Start isIncluded. First operand has 686 states, 523 states have (on average 1.462715105162524) internal successors, (765), 534 states have internal predecessors, (765), 116 states have call successors, (116), 45 states have call predecessors, (116), 46 states have return successors, (117), 114 states have call predecessors, (117), 115 states have call successors, (117) Second operand 686 states. [2022-02-20 18:03:54,073 INFO L87 Difference]: Start difference. First operand has 686 states, 523 states have (on average 1.462715105162524) internal successors, (765), 534 states have internal predecessors, (765), 116 states have call successors, (116), 45 states have call predecessors, (116), 46 states have return successors, (117), 114 states have call predecessors, (117), 115 states have call successors, (117) Second operand 686 states. [2022-02-20 18:03:54,088 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:54,088 INFO L93 Difference]: Finished difference Result 686 states and 998 transitions. [2022-02-20 18:03:54,088 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 998 transitions. [2022-02-20 18:03:54,089 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:54,089 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:54,089 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:54,090 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:54,091 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 686 states, 523 states have (on average 1.462715105162524) internal successors, (765), 534 states have internal predecessors, (765), 116 states have call successors, (116), 45 states have call predecessors, (116), 46 states have return successors, (117), 114 states have call predecessors, (117), 115 states have call successors, (117) [2022-02-20 18:03:54,111 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 686 states to 686 states and 998 transitions. [2022-02-20 18:03:54,112 INFO L78 Accepts]: Start accepts. Automaton has 686 states and 998 transitions. Word has length 185 [2022-02-20 18:03:54,112 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:54,112 INFO L470 AbstractCegarLoop]: Abstraction has 686 states and 998 transitions. [2022-02-20 18:03:54,112 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 18.333333333333332) internal successors, (110), 8 states have internal predecessors, (110), 4 states have call successors, (30), 2 states have call predecessors, (30), 4 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2022-02-20 18:03:54,112 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 998 transitions. [2022-02-20 18:03:54,114 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 187 [2022-02-20 18:03:54,114 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:54,114 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:54,143 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:54,332 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:54,333 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [incoming__before__DecryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:54,333 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:54,333 INFO L85 PathProgramCache]: Analyzing trace with hash 355693419, now seen corresponding path program 1 times [2022-02-20 18:03:54,333 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:54,333 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [182341770] [2022-02-20 18:03:54,334 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:54,334 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:54,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,381 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:03:54,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,385 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1721#return; {41649#true} is VALID [2022-02-20 18:03:54,385 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:03:54,386 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,388 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,388 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,388 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1723#return; {41649#true} is VALID [2022-02-20 18:03:54,388 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:03:54,390 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,391 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1725#return; {41649#true} is VALID [2022-02-20 18:03:54,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:54,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,394 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,394 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,394 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1727#return; {41649#true} is VALID [2022-02-20 18:03:54,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:03:54,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,397 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,397 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1729#return; {41649#true} is VALID [2022-02-20 18:03:54,397 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:03:54,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,400 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,400 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,400 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1731#return; {41649#true} is VALID [2022-02-20 18:03:54,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:03:54,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,403 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,403 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,403 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1733#return; {41649#true} is VALID [2022-02-20 18:03:54,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:54,405 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,406 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,406 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1735#return; {41649#true} is VALID [2022-02-20 18:03:54,411 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:03:54,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:54,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,415 INFO L290 TraceCheckUtils]: 0: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,415 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,416 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,416 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41649#true} #1719#return; {41649#true} is VALID [2022-02-20 18:03:54,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {41649#true} is VALID [2022-02-20 18:03:54,416 INFO L272 TraceCheckUtils]: 1: Hoare triple {41649#true} call setClientId(~bob___0, ~bob___0); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,417 INFO L290 TraceCheckUtils]: 3: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,417 INFO L290 TraceCheckUtils]: 4: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,417 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {41649#true} {41649#true} #1719#return; {41649#true} is VALID [2022-02-20 18:03:54,417 INFO L290 TraceCheckUtils]: 6: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,417 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {41649#true} {41649#true} #1737#return; {41649#true} is VALID [2022-02-20 18:03:54,422 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:03:54,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,425 INFO L290 TraceCheckUtils]: 0: Hoare triple {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,425 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,425 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,425 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41649#true} #1739#return; {41649#true} is VALID [2022-02-20 18:03:54,426 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:03:54,427 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,438 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:54,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41755#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {41755#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {41755#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,453 INFO L290 TraceCheckUtils]: 2: Hoare triple {41755#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {41756#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,453 INFO L290 TraceCheckUtils]: 3: Hoare triple {41756#(= 2 |setClientId_#in~handle|)} assume true; {41756#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,454 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {41756#(= 2 |setClientId_#in~handle|)} {41748#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:54,454 INFO L290 TraceCheckUtils]: 0: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {41748#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:54,455 INFO L272 TraceCheckUtils]: 1: Hoare triple {41748#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,455 INFO L290 TraceCheckUtils]: 2: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41755#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,456 INFO L290 TraceCheckUtils]: 3: Hoare triple {41755#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {41755#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,456 INFO L290 TraceCheckUtils]: 4: Hoare triple {41755#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {41756#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,456 INFO L290 TraceCheckUtils]: 5: Hoare triple {41756#(= 2 |setClientId_#in~handle|)} assume true; {41756#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,457 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {41756#(= 2 |setClientId_#in~handle|)} {41748#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:54,457 INFO L290 TraceCheckUtils]: 7: Hoare triple {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:54,457 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {41649#true} #1743#return; {41696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:03:54,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:03:54,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,475 INFO L290 TraceCheckUtils]: 0: Hoare triple {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {41757#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:54,475 INFO L290 TraceCheckUtils]: 1: Hoare triple {41757#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {41758#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:54,475 INFO L290 TraceCheckUtils]: 2: Hoare triple {41758#(= |setClientPrivateKey_#in~handle| 1)} assume true; {41758#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:54,476 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41758#(= |setClientPrivateKey_#in~handle| 1)} {41696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1745#return; {41650#false} is VALID [2022-02-20 18:03:54,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:03:54,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,479 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:54,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,481 INFO L290 TraceCheckUtils]: 0: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,482 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,482 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41649#true} #1617#return; {41649#true} is VALID [2022-02-20 18:03:54,482 INFO L290 TraceCheckUtils]: 0: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {41649#true} is VALID [2022-02-20 18:03:54,482 INFO L272 TraceCheckUtils]: 1: Hoare triple {41649#true} call setClientId(~chuck___0, ~chuck___0); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,483 INFO L290 TraceCheckUtils]: 2: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,483 INFO L290 TraceCheckUtils]: 3: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,483 INFO L290 TraceCheckUtils]: 4: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,483 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {41649#true} {41649#true} #1617#return; {41649#true} is VALID [2022-02-20 18:03:54,483 INFO L290 TraceCheckUtils]: 6: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,483 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {41649#true} {41650#false} #1749#return; {41650#false} is VALID [2022-02-20 18:03:54,483 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:03:54,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,487 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,487 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,487 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41650#false} #1751#return; {41650#false} is VALID [2022-02-20 18:03:54,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:03:54,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {41763#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,498 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,498 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41650#false} #1639#return; {41650#false} is VALID [2022-02-20 18:03:54,507 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:03:54,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,511 INFO L290 TraceCheckUtils]: 0: Hoare triple {41764#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,511 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,511 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,511 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41650#false} #1641#return; {41650#false} is VALID [2022-02-20 18:03:54,512 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2022-02-20 18:03:54,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,514 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} ~handle := #in~handle;havoc ~retValue_acc~31; {41649#true} is VALID [2022-02-20 18:03:54,514 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {41649#true} is VALID [2022-02-20 18:03:54,514 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,514 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41650#false} #1581#return; {41650#false} is VALID [2022-02-20 18:03:54,514 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 18:03:54,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {41763#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,516 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41650#false} #1651#return; {41650#false} is VALID [2022-02-20 18:03:54,517 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 18:03:54,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} ~handle := #in~handle;havoc ~retValue_acc~8; {41649#true} is VALID [2022-02-20 18:03:54,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {41649#true} is VALID [2022-02-20 18:03:54,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,519 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {41649#true} {41650#false} #1653#return; {41650#false} is VALID [2022-02-20 18:03:54,519 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 173 [2022-02-20 18:03:54,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,522 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:03:54,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {41649#true} is VALID [2022-02-20 18:03:54,524 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,524 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {41649#true} {41649#true} #1797#return; {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L272 TraceCheckUtils]: 2: Hoare triple {41649#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L290 TraceCheckUtils]: 3: Hoare triple {41649#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L290 TraceCheckUtils]: 4: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {41649#true} {41649#true} #1797#return; {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L290 TraceCheckUtils]: 6: Hoare triple {41649#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L290 TraceCheckUtils]: 7: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,525 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {41649#true} {41650#false} #1587#return; {41650#false} is VALID [2022-02-20 18:03:54,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {41649#true} is VALID [2022-02-20 18:03:54,526 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {41649#true} is VALID [2022-02-20 18:03:54,526 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {41649#true} is VALID [2022-02-20 18:03:54,526 INFO L272 TraceCheckUtils]: 3: Hoare triple {41649#true} call select_features_#t~ret92#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:54,526 INFO L290 TraceCheckUtils]: 4: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,526 INFO L290 TraceCheckUtils]: 5: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,526 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {41649#true} {41649#true} #1721#return; {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L290 TraceCheckUtils]: 7: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L272 TraceCheckUtils]: 8: Hoare triple {41649#true} call select_features_#t~ret93#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L290 TraceCheckUtils]: 9: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L290 TraceCheckUtils]: 10: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {41649#true} {41649#true} #1723#return; {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L290 TraceCheckUtils]: 12: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L272 TraceCheckUtils]: 13: Hoare triple {41649#true} call select_features_#t~ret94#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L290 TraceCheckUtils]: 14: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,527 INFO L290 TraceCheckUtils]: 15: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {41649#true} {41649#true} #1725#return; {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L290 TraceCheckUtils]: 17: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L272 TraceCheckUtils]: 18: Hoare triple {41649#true} call select_features_#t~ret95#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L290 TraceCheckUtils]: 19: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L290 TraceCheckUtils]: 20: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {41649#true} {41649#true} #1727#return; {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L290 TraceCheckUtils]: 22: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L272 TraceCheckUtils]: 23: Hoare triple {41649#true} call select_features_#t~ret96#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:54,528 INFO L290 TraceCheckUtils]: 24: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L290 TraceCheckUtils]: 25: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {41649#true} {41649#true} #1729#return; {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L290 TraceCheckUtils]: 27: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L272 TraceCheckUtils]: 28: Hoare triple {41649#true} call select_features_#t~ret97#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L290 TraceCheckUtils]: 29: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L290 TraceCheckUtils]: 30: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {41649#true} {41649#true} #1731#return; {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L290 TraceCheckUtils]: 32: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {41649#true} is VALID [2022-02-20 18:03:54,529 INFO L272 TraceCheckUtils]: 33: Hoare triple {41649#true} call select_features_#t~ret98#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L290 TraceCheckUtils]: 34: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L290 TraceCheckUtils]: 35: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {41649#true} {41649#true} #1733#return; {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L290 TraceCheckUtils]: 37: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L272 TraceCheckUtils]: 38: Hoare triple {41649#true} call select_features_#t~ret99#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L290 TraceCheckUtils]: 39: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L290 TraceCheckUtils]: 40: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {41649#true} {41649#true} #1735#return; {41649#true} is VALID [2022-02-20 18:03:54,530 INFO L290 TraceCheckUtils]: 42: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 43: Hoare triple {41649#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 44: Hoare triple {41649#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 45: Hoare triple {41649#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 46: Hoare triple {41649#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 47: Hoare triple {41649#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 48: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 49: Hoare triple {41649#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 50: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {41649#true} is VALID [2022-02-20 18:03:54,531 INFO L290 TraceCheckUtils]: 51: Hoare triple {41649#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {41649#true} is VALID [2022-02-20 18:03:54,532 INFO L290 TraceCheckUtils]: 52: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {41649#true} is VALID [2022-02-20 18:03:54,532 INFO L290 TraceCheckUtils]: 53: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {41649#true} is VALID [2022-02-20 18:03:54,532 INFO L290 TraceCheckUtils]: 54: Hoare triple {41649#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {41649#true} is VALID [2022-02-20 18:03:54,532 INFO L290 TraceCheckUtils]: 55: Hoare triple {41649#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {41649#true} is VALID [2022-02-20 18:03:54,532 INFO L290 TraceCheckUtils]: 56: Hoare triple {41649#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {41649#true} is VALID [2022-02-20 18:03:54,532 INFO L290 TraceCheckUtils]: 57: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {41649#true} is VALID [2022-02-20 18:03:54,533 INFO L272 TraceCheckUtils]: 58: Hoare triple {41649#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,533 INFO L290 TraceCheckUtils]: 59: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {41649#true} is VALID [2022-02-20 18:03:54,533 INFO L272 TraceCheckUtils]: 60: Hoare triple {41649#true} call setClientId(~bob___0, ~bob___0); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,534 INFO L290 TraceCheckUtils]: 61: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,534 INFO L290 TraceCheckUtils]: 62: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,534 INFO L290 TraceCheckUtils]: 63: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,534 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {41649#true} {41649#true} #1719#return; {41649#true} is VALID [2022-02-20 18:03:54,534 INFO L290 TraceCheckUtils]: 65: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,534 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {41649#true} {41649#true} #1737#return; {41649#true} is VALID [2022-02-20 18:03:54,535 INFO L272 TraceCheckUtils]: 67: Hoare triple {41649#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:54,535 INFO L290 TraceCheckUtils]: 68: Hoare triple {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,535 INFO L290 TraceCheckUtils]: 69: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,535 INFO L290 TraceCheckUtils]: 70: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,535 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {41649#true} {41649#true} #1739#return; {41649#true} is VALID [2022-02-20 18:03:54,535 INFO L290 TraceCheckUtils]: 72: Hoare triple {41649#true} assume { :end_inline_setup_bob__role__Keys } true; {41649#true} is VALID [2022-02-20 18:03:54,535 INFO L290 TraceCheckUtils]: 73: Hoare triple {41649#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {41649#true} is VALID [2022-02-20 18:03:54,536 INFO L290 TraceCheckUtils]: 74: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {41649#true} is VALID [2022-02-20 18:03:54,536 INFO L272 TraceCheckUtils]: 75: Hoare triple {41649#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,536 INFO L290 TraceCheckUtils]: 76: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {41748#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:54,537 INFO L272 TraceCheckUtils]: 77: Hoare triple {41748#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,537 INFO L290 TraceCheckUtils]: 78: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41755#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,538 INFO L290 TraceCheckUtils]: 79: Hoare triple {41755#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {41755#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,538 INFO L290 TraceCheckUtils]: 80: Hoare triple {41755#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {41756#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,538 INFO L290 TraceCheckUtils]: 81: Hoare triple {41756#(= 2 |setClientId_#in~handle|)} assume true; {41756#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:54,539 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {41756#(= 2 |setClientId_#in~handle|)} {41748#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1671#return; {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:54,539 INFO L290 TraceCheckUtils]: 83: Hoare triple {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:03:54,540 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {41754#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {41649#true} #1743#return; {41696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:03:54,540 INFO L272 TraceCheckUtils]: 85: Hoare triple {41696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:54,540 INFO L290 TraceCheckUtils]: 86: Hoare triple {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {41757#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:54,541 INFO L290 TraceCheckUtils]: 87: Hoare triple {41757#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {41758#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:54,541 INFO L290 TraceCheckUtils]: 88: Hoare triple {41758#(= |setClientPrivateKey_#in~handle| 1)} assume true; {41758#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:54,542 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {41758#(= |setClientPrivateKey_#in~handle| 1)} {41696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1745#return; {41650#false} is VALID [2022-02-20 18:03:54,542 INFO L290 TraceCheckUtils]: 90: Hoare triple {41650#false} assume { :end_inline_setup_rjh__role__Keys } true; {41650#false} is VALID [2022-02-20 18:03:54,542 INFO L290 TraceCheckUtils]: 91: Hoare triple {41650#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {41650#false} is VALID [2022-02-20 18:03:54,542 INFO L290 TraceCheckUtils]: 92: Hoare triple {41650#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {41650#false} is VALID [2022-02-20 18:03:54,542 INFO L272 TraceCheckUtils]: 93: Hoare triple {41650#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,542 INFO L290 TraceCheckUtils]: 94: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {41649#true} is VALID [2022-02-20 18:03:54,543 INFO L272 TraceCheckUtils]: 95: Hoare triple {41649#true} call setClientId(~chuck___0, ~chuck___0); {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,543 INFO L290 TraceCheckUtils]: 96: Hoare triple {41742#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,543 INFO L290 TraceCheckUtils]: 97: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,543 INFO L290 TraceCheckUtils]: 98: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,543 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {41649#true} {41649#true} #1617#return; {41649#true} is VALID [2022-02-20 18:03:54,543 INFO L290 TraceCheckUtils]: 100: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,543 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {41649#true} {41650#false} #1749#return; {41650#false} is VALID [2022-02-20 18:03:54,544 INFO L272 TraceCheckUtils]: 102: Hoare triple {41650#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:54,544 INFO L290 TraceCheckUtils]: 103: Hoare triple {41747#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,544 INFO L290 TraceCheckUtils]: 104: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,544 INFO L290 TraceCheckUtils]: 105: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,544 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {41649#true} {41650#false} #1751#return; {41650#false} is VALID [2022-02-20 18:03:54,544 INFO L290 TraceCheckUtils]: 107: Hoare triple {41650#false} assume { :end_inline_setup_chuck__role__Keys } true; {41650#false} is VALID [2022-02-20 18:03:54,544 INFO L290 TraceCheckUtils]: 108: Hoare triple {41650#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {41650#false} is VALID [2022-02-20 18:03:54,544 INFO L290 TraceCheckUtils]: 109: Hoare triple {41650#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 110: Hoare triple {41650#false} assume !false; {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 111: Hoare triple {41650#false} assume test_~splverifierCounter~0#1 < 4; {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 112: Hoare triple {41650#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 113: Hoare triple {41650#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet80#1 && test_#t~nondet80#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet80#1;havoc test_#t~nondet80#1; {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 114: Hoare triple {41650#false} assume !(0 != test_~tmp___9~0#1); {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 115: Hoare triple {41650#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet81#1 && test_#t~nondet81#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet81#1;havoc test_#t~nondet81#1; {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 116: Hoare triple {41650#false} assume 0 != test_~tmp___8~0#1; {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 117: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {41650#false} is VALID [2022-02-20 18:03:54,545 INFO L290 TraceCheckUtils]: 118: Hoare triple {41650#false} test_~op2~0#1 := 1; {41650#false} is VALID [2022-02-20 18:03:54,546 INFO L290 TraceCheckUtils]: 119: Hoare triple {41650#false} assume !false; {41650#false} is VALID [2022-02-20 18:03:54,546 INFO L290 TraceCheckUtils]: 120: Hoare triple {41650#false} assume !(test_~splverifierCounter~0#1 < 4); {41650#false} is VALID [2022-02-20 18:03:54,546 INFO L290 TraceCheckUtils]: 121: Hoare triple {41650#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {41650#false} is VALID [2022-02-20 18:03:54,546 INFO L272 TraceCheckUtils]: 122: Hoare triple {41650#false} call sendEmail(~bob~0, ~rjh~0); {41650#false} is VALID [2022-02-20 18:03:54,546 INFO L290 TraceCheckUtils]: 123: Hoare triple {41650#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {41650#false} is VALID [2022-02-20 18:03:54,546 INFO L272 TraceCheckUtils]: 124: Hoare triple {41650#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {41763#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:54,546 INFO L290 TraceCheckUtils]: 125: Hoare triple {41763#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,546 INFO L290 TraceCheckUtils]: 126: Hoare triple {41649#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,547 INFO L290 TraceCheckUtils]: 127: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,547 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {41649#true} {41650#false} #1639#return; {41650#false} is VALID [2022-02-20 18:03:54,547 INFO L272 TraceCheckUtils]: 129: Hoare triple {41650#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {41764#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:54,547 INFO L290 TraceCheckUtils]: 130: Hoare triple {41764#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,547 INFO L290 TraceCheckUtils]: 131: Hoare triple {41649#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,547 INFO L290 TraceCheckUtils]: 132: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,547 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {41649#true} {41650#false} #1641#return; {41650#false} is VALID [2022-02-20 18:03:54,547 INFO L290 TraceCheckUtils]: 134: Hoare triple {41650#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {41650#false} is VALID [2022-02-20 18:03:54,547 INFO L290 TraceCheckUtils]: 135: Hoare triple {41650#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {41650#false} is VALID [2022-02-20 18:03:54,548 INFO L272 TraceCheckUtils]: 136: Hoare triple {41650#false} call outgoing(~sender#1, ~email~0#1); {41650#false} is VALID [2022-02-20 18:03:54,548 INFO L290 TraceCheckUtils]: 137: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {41650#false} is VALID [2022-02-20 18:03:54,548 INFO L290 TraceCheckUtils]: 138: Hoare triple {41650#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {41650#false} is VALID [2022-02-20 18:03:54,548 INFO L272 TraceCheckUtils]: 139: Hoare triple {41650#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {41649#true} is VALID [2022-02-20 18:03:54,548 INFO L290 TraceCheckUtils]: 140: Hoare triple {41649#true} ~handle := #in~handle;havoc ~retValue_acc~31; {41649#true} is VALID [2022-02-20 18:03:54,548 INFO L290 TraceCheckUtils]: 141: Hoare triple {41649#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {41649#true} is VALID [2022-02-20 18:03:54,548 INFO L290 TraceCheckUtils]: 142: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,548 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {41649#true} {41650#false} #1581#return; {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L290 TraceCheckUtils]: 144: Hoare triple {41650#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L290 TraceCheckUtils]: 145: Hoare triple {41650#false} assume 0 == sign_~privkey~1#1; {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L290 TraceCheckUtils]: 146: Hoare triple {41650#false} assume { :end_inline_sign } true; {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L272 TraceCheckUtils]: 147: Hoare triple {41650#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L290 TraceCheckUtils]: 148: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L290 TraceCheckUtils]: 149: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L272 TraceCheckUtils]: 150: Hoare triple {41650#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L290 TraceCheckUtils]: 151: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {41650#false} is VALID [2022-02-20 18:03:54,549 INFO L290 TraceCheckUtils]: 152: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {41650#false} is VALID [2022-02-20 18:03:54,550 INFO L272 TraceCheckUtils]: 153: Hoare triple {41650#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {41650#false} is VALID [2022-02-20 18:03:54,550 INFO L290 TraceCheckUtils]: 154: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {41650#false} is VALID [2022-02-20 18:03:54,550 INFO L290 TraceCheckUtils]: 155: Hoare triple {41650#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {41650#false} is VALID [2022-02-20 18:03:54,550 INFO L290 TraceCheckUtils]: 156: Hoare triple {41650#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {41650#false} is VALID [2022-02-20 18:03:54,550 INFO L272 TraceCheckUtils]: 157: Hoare triple {41650#false} call setEmailFrom(~msg#1, ~tmp~1#1); {41763#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:54,550 INFO L290 TraceCheckUtils]: 158: Hoare triple {41763#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:54,550 INFO L290 TraceCheckUtils]: 159: Hoare triple {41649#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:54,550 INFO L290 TraceCheckUtils]: 160: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,551 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {41649#true} {41650#false} #1651#return; {41650#false} is VALID [2022-02-20 18:03:54,551 INFO L290 TraceCheckUtils]: 162: Hoare triple {41650#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {41650#false} is VALID [2022-02-20 18:03:54,551 INFO L272 TraceCheckUtils]: 163: Hoare triple {41650#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {41649#true} is VALID [2022-02-20 18:03:54,551 INFO L290 TraceCheckUtils]: 164: Hoare triple {41649#true} ~handle := #in~handle;havoc ~retValue_acc~8; {41649#true} is VALID [2022-02-20 18:03:54,551 INFO L290 TraceCheckUtils]: 165: Hoare triple {41649#true} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {41649#true} is VALID [2022-02-20 18:03:54,551 INFO L290 TraceCheckUtils]: 166: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,551 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {41649#true} {41650#false} #1653#return; {41650#false} is VALID [2022-02-20 18:03:54,551 INFO L290 TraceCheckUtils]: 168: Hoare triple {41650#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {41650#false} is VALID [2022-02-20 18:03:54,551 INFO L290 TraceCheckUtils]: 169: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {41650#false} is VALID [2022-02-20 18:03:54,552 INFO L272 TraceCheckUtils]: 170: Hoare triple {41650#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {41650#false} is VALID [2022-02-20 18:03:54,552 INFO L290 TraceCheckUtils]: 171: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {41650#false} is VALID [2022-02-20 18:03:54,552 INFO L290 TraceCheckUtils]: 172: Hoare triple {41650#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {41650#false} is VALID [2022-02-20 18:03:54,552 INFO L272 TraceCheckUtils]: 173: Hoare triple {41650#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {41649#true} is VALID [2022-02-20 18:03:54,552 INFO L290 TraceCheckUtils]: 174: Hoare triple {41649#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {41649#true} is VALID [2022-02-20 18:03:54,552 INFO L290 TraceCheckUtils]: 175: Hoare triple {41649#true} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {41649#true} is VALID [2022-02-20 18:03:54,552 INFO L272 TraceCheckUtils]: 176: Hoare triple {41649#true} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {41649#true} is VALID [2022-02-20 18:03:54,552 INFO L290 TraceCheckUtils]: 177: Hoare triple {41649#true} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {41649#true} is VALID [2022-02-20 18:03:54,552 INFO L290 TraceCheckUtils]: 178: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,553 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {41649#true} {41649#true} #1797#return; {41649#true} is VALID [2022-02-20 18:03:54,553 INFO L290 TraceCheckUtils]: 180: Hoare triple {41649#true} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {41649#true} is VALID [2022-02-20 18:03:54,553 INFO L290 TraceCheckUtils]: 181: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:54,553 INFO L284 TraceCheckUtils]: 182: Hoare quadruple {41649#true} {41650#false} #1587#return; {41650#false} is VALID [2022-02-20 18:03:54,553 INFO L290 TraceCheckUtils]: 183: Hoare triple {41650#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {41650#false} is VALID [2022-02-20 18:03:54,553 INFO L290 TraceCheckUtils]: 184: Hoare triple {41650#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {41650#false} is VALID [2022-02-20 18:03:54,553 INFO L290 TraceCheckUtils]: 185: Hoare triple {41650#false} assume !false; {41650#false} is VALID [2022-02-20 18:03:54,554 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 102 trivial. 0 not checked. [2022-02-20 18:03:54,554 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:54,554 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [182341770] [2022-02-20 18:03:54,554 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [182341770] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:54,554 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [631961859] [2022-02-20 18:03:54,554 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:54,554 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:54,555 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:54,556 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:54,557 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:03:54,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,830 INFO L263 TraceCheckSpWp]: Trace formula consists of 1511 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:03:54,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,894 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:55,331 INFO L290 TraceCheckUtils]: 0: Hoare triple {41649#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(12, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(18, 22);call #Ultimate.allocInit(16, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(13, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(21, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {41649#true} is VALID [2022-02-20 18:03:55,331 INFO L290 TraceCheckUtils]: 1: Hoare triple {41649#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret43#1, main_~retValue_acc~16#1, main_~tmp~13#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {41649#true} is VALID [2022-02-20 18:03:55,332 INFO L290 TraceCheckUtils]: 2: Hoare triple {41649#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret92#1, select_features_#t~ret93#1, select_features_#t~ret94#1, select_features_#t~ret95#1, select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1; {41649#true} is VALID [2022-02-20 18:03:55,332 INFO L272 TraceCheckUtils]: 3: Hoare triple {41649#true} call select_features_#t~ret92#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:55,332 INFO L290 TraceCheckUtils]: 4: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:55,332 INFO L290 TraceCheckUtils]: 5: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,332 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {41649#true} {41649#true} #1721#return; {41649#true} is VALID [2022-02-20 18:03:55,332 INFO L290 TraceCheckUtils]: 7: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret92#1 && select_features_#t~ret92#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret92#1;havoc select_features_#t~ret92#1; {41649#true} is VALID [2022-02-20 18:03:55,332 INFO L272 TraceCheckUtils]: 8: Hoare triple {41649#true} call select_features_#t~ret93#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:55,332 INFO L290 TraceCheckUtils]: 9: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L290 TraceCheckUtils]: 10: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {41649#true} {41649#true} #1723#return; {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L290 TraceCheckUtils]: 12: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret93#1 && select_features_#t~ret93#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret93#1;havoc select_features_#t~ret93#1; {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L272 TraceCheckUtils]: 13: Hoare triple {41649#true} call select_features_#t~ret94#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L290 TraceCheckUtils]: 14: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L290 TraceCheckUtils]: 15: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {41649#true} {41649#true} #1725#return; {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L290 TraceCheckUtils]: 17: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret94#1 && select_features_#t~ret94#1 <= 2147483647;~__SELECTED_FEATURE_Encrypt~0 := select_features_#t~ret94#1;havoc select_features_#t~ret94#1; {41649#true} is VALID [2022-02-20 18:03:55,333 INFO L272 TraceCheckUtils]: 18: Hoare triple {41649#true} call select_features_#t~ret95#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:55,334 INFO L290 TraceCheckUtils]: 19: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:55,334 INFO L290 TraceCheckUtils]: 20: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,334 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {41649#true} {41649#true} #1727#return; {41649#true} is VALID [2022-02-20 18:03:55,334 INFO L290 TraceCheckUtils]: 22: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret95#1 && select_features_#t~ret95#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret95#1;havoc select_features_#t~ret95#1; {41649#true} is VALID [2022-02-20 18:03:55,334 INFO L272 TraceCheckUtils]: 23: Hoare triple {41649#true} call select_features_#t~ret96#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:55,334 INFO L290 TraceCheckUtils]: 24: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:55,334 INFO L290 TraceCheckUtils]: 25: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,334 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {41649#true} {41649#true} #1729#return; {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L290 TraceCheckUtils]: 27: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L272 TraceCheckUtils]: 28: Hoare triple {41649#true} call select_features_#t~ret97#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L290 TraceCheckUtils]: 29: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L290 TraceCheckUtils]: 30: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {41649#true} {41649#true} #1731#return; {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L290 TraceCheckUtils]: 32: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1; {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L272 TraceCheckUtils]: 33: Hoare triple {41649#true} call select_features_#t~ret98#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L290 TraceCheckUtils]: 34: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:55,335 INFO L290 TraceCheckUtils]: 35: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {41649#true} {41649#true} #1733#return; {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L290 TraceCheckUtils]: 37: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1;~__SELECTED_FEATURE_Verify~0 := 1; {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L272 TraceCheckUtils]: 38: Hoare triple {41649#true} call select_features_#t~ret99#1 := select_one(); {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L290 TraceCheckUtils]: 39: Hoare triple {41649#true} havoc ~retValue_acc~39;assume -2147483648 <= #t~nondet91 && #t~nondet91 <= 2147483647;~choice~0 := #t~nondet91;havoc #t~nondet91;~retValue_acc~39 := ~choice~0;#res := ~retValue_acc~39; {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L290 TraceCheckUtils]: 40: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {41649#true} {41649#true} #1735#return; {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L290 TraceCheckUtils]: 42: Hoare triple {41649#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L290 TraceCheckUtils]: 43: Hoare triple {41649#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~40#1, valid_product_~tmp~24#1;havoc valid_product_~retValue_acc~40#1;havoc valid_product_~tmp~24#1; {41649#true} is VALID [2022-02-20 18:03:55,336 INFO L290 TraceCheckUtils]: 44: Hoare triple {41649#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 45: Hoare triple {41649#true} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 46: Hoare triple {41649#true} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 47: Hoare triple {41649#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 48: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Verify~0; {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 49: Hoare triple {41649#true} assume !(0 == ~__SELECTED_FEATURE_Verify~0); {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 50: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Sign~0; {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 51: Hoare triple {41649#true} assume !(0 == ~__SELECTED_FEATURE_Sign~0); {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 52: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {41649#true} is VALID [2022-02-20 18:03:55,337 INFO L290 TraceCheckUtils]: 53: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~24#1 := 1; {41649#true} is VALID [2022-02-20 18:03:55,338 INFO L290 TraceCheckUtils]: 54: Hoare triple {41649#true} valid_product_~retValue_acc~40#1 := valid_product_~tmp~24#1;valid_product_#res#1 := valid_product_~retValue_acc~40#1; {41649#true} is VALID [2022-02-20 18:03:55,338 INFO L290 TraceCheckUtils]: 55: Hoare triple {41649#true} main_#t~ret43#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret43#1 && main_#t~ret43#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret43#1;havoc main_#t~ret43#1; {41649#true} is VALID [2022-02-20 18:03:55,338 INFO L290 TraceCheckUtils]: 56: Hoare triple {41649#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet40#1, setup_#t~nondet41#1, setup_#t~nondet42#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {41649#true} is VALID [2022-02-20 18:03:55,338 INFO L290 TraceCheckUtils]: 57: Hoare triple {41649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {41649#true} is VALID [2022-02-20 18:03:55,338 INFO L272 TraceCheckUtils]: 58: Hoare triple {41649#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {41649#true} is VALID [2022-02-20 18:03:55,338 INFO L290 TraceCheckUtils]: 59: Hoare triple {41649#true} ~bob___0 := #in~bob___0; {41649#true} is VALID [2022-02-20 18:03:55,338 INFO L272 TraceCheckUtils]: 60: Hoare triple {41649#true} call setClientId(~bob___0, ~bob___0); {41649#true} is VALID [2022-02-20 18:03:55,338 INFO L290 TraceCheckUtils]: 61: Hoare triple {41649#true} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L290 TraceCheckUtils]: 62: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L290 TraceCheckUtils]: 63: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {41649#true} {41649#true} #1719#return; {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L290 TraceCheckUtils]: 65: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {41649#true} {41649#true} #1737#return; {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L272 TraceCheckUtils]: 67: Hoare triple {41649#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L290 TraceCheckUtils]: 68: Hoare triple {41649#true} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L290 TraceCheckUtils]: 69: Hoare triple {41649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:55,339 INFO L290 TraceCheckUtils]: 70: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,340 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {41649#true} {41649#true} #1739#return; {41649#true} is VALID [2022-02-20 18:03:55,340 INFO L290 TraceCheckUtils]: 72: Hoare triple {41649#true} assume { :end_inline_setup_bob__role__Keys } true; {41649#true} is VALID [2022-02-20 18:03:55,351 INFO L290 TraceCheckUtils]: 73: Hoare triple {41649#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet40#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {41990#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:03:55,352 INFO L290 TraceCheckUtils]: 74: Hoare triple {41990#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {41994#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:03:55,352 INFO L272 TraceCheckUtils]: 75: Hoare triple {41994#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {41649#true} is VALID [2022-02-20 18:03:55,352 INFO L290 TraceCheckUtils]: 76: Hoare triple {41649#true} ~rjh___0 := #in~rjh___0; {41649#true} is VALID [2022-02-20 18:03:55,352 INFO L272 TraceCheckUtils]: 77: Hoare triple {41649#true} call setClientId(~rjh___0, ~rjh___0); {41649#true} is VALID [2022-02-20 18:03:55,352 INFO L290 TraceCheckUtils]: 78: Hoare triple {41649#true} ~handle := #in~handle;~value := #in~value; {41649#true} is VALID [2022-02-20 18:03:55,352 INFO L290 TraceCheckUtils]: 79: Hoare triple {41649#true} assume !(1 == ~handle); {41649#true} is VALID [2022-02-20 18:03:55,353 INFO L290 TraceCheckUtils]: 80: Hoare triple {41649#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {41649#true} is VALID [2022-02-20 18:03:55,353 INFO L290 TraceCheckUtils]: 81: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,353 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {41649#true} {41649#true} #1671#return; {41649#true} is VALID [2022-02-20 18:03:55,353 INFO L290 TraceCheckUtils]: 83: Hoare triple {41649#true} assume true; {41649#true} is VALID [2022-02-20 18:03:55,353 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {41649#true} {41994#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1743#return; {41994#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:03:55,353 INFO L272 TraceCheckUtils]: 85: Hoare triple {41994#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {41649#true} is VALID [2022-02-20 18:03:55,354 INFO L290 TraceCheckUtils]: 86: Hoare triple {41649#true} ~handle := #in~handle;~value := #in~value; {42031#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:03:55,354 INFO L290 TraceCheckUtils]: 87: Hoare triple {42031#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {42035#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:55,354 INFO L290 TraceCheckUtils]: 88: Hoare triple {42035#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {42035#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:55,355 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {42035#(<= |setClientPrivateKey_#in~handle| 1)} {41994#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1745#return; {41650#false} is VALID [2022-02-20 18:03:55,355 INFO L290 TraceCheckUtils]: 90: Hoare triple {41650#false} assume { :end_inline_setup_rjh__role__Keys } true; {41650#false} is VALID [2022-02-20 18:03:55,355 INFO L290 TraceCheckUtils]: 91: Hoare triple {41650#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet41#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {41650#false} is VALID [2022-02-20 18:03:55,355 INFO L290 TraceCheckUtils]: 92: Hoare triple {41650#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {41650#false} is VALID [2022-02-20 18:03:55,355 INFO L272 TraceCheckUtils]: 93: Hoare triple {41650#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {41650#false} is VALID [2022-02-20 18:03:55,355 INFO L290 TraceCheckUtils]: 94: Hoare triple {41650#false} ~chuck___0 := #in~chuck___0; {41650#false} is VALID [2022-02-20 18:03:55,356 INFO L272 TraceCheckUtils]: 95: Hoare triple {41650#false} call setClientId(~chuck___0, ~chuck___0); {41650#false} is VALID [2022-02-20 18:03:55,356 INFO L290 TraceCheckUtils]: 96: Hoare triple {41650#false} ~handle := #in~handle;~value := #in~value; {41650#false} is VALID [2022-02-20 18:03:55,356 INFO L290 TraceCheckUtils]: 97: Hoare triple {41650#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {41650#false} is VALID [2022-02-20 18:03:55,356 INFO L290 TraceCheckUtils]: 98: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,356 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {41650#false} {41650#false} #1617#return; {41650#false} is VALID [2022-02-20 18:03:55,356 INFO L290 TraceCheckUtils]: 100: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,356 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {41650#false} {41650#false} #1749#return; {41650#false} is VALID [2022-02-20 18:03:55,356 INFO L272 TraceCheckUtils]: 102: Hoare triple {41650#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L290 TraceCheckUtils]: 103: Hoare triple {41650#false} ~handle := #in~handle;~value := #in~value; {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L290 TraceCheckUtils]: 104: Hoare triple {41650#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L290 TraceCheckUtils]: 105: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {41650#false} {41650#false} #1751#return; {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L290 TraceCheckUtils]: 107: Hoare triple {41650#false} assume { :end_inline_setup_chuck__role__Keys } true; {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L290 TraceCheckUtils]: 108: Hoare triple {41650#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet42#1; {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L290 TraceCheckUtils]: 109: Hoare triple {41650#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~9#1, test_~tmp___1~5#1, test_~tmp___2~4#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~9#1;havoc test_~tmp___1~5#1;havoc test_~tmp___2~4#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L290 TraceCheckUtils]: 110: Hoare triple {41650#false} assume !false; {41650#false} is VALID [2022-02-20 18:03:55,357 INFO L290 TraceCheckUtils]: 111: Hoare triple {41650#false} assume test_~splverifierCounter~0#1 < 4; {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 112: Hoare triple {41650#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 113: Hoare triple {41650#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet80#1 && test_#t~nondet80#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet80#1;havoc test_#t~nondet80#1; {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 114: Hoare triple {41650#false} assume !(0 != test_~tmp___9~0#1); {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 115: Hoare triple {41650#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet81#1 && test_#t~nondet81#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet81#1;havoc test_#t~nondet81#1; {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 116: Hoare triple {41650#false} assume 0 != test_~tmp___8~0#1; {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 117: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 118: Hoare triple {41650#false} test_~op2~0#1 := 1; {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 119: Hoare triple {41650#false} assume !false; {41650#false} is VALID [2022-02-20 18:03:55,358 INFO L290 TraceCheckUtils]: 120: Hoare triple {41650#false} assume !(test_~splverifierCounter~0#1 < 4); {41650#false} is VALID [2022-02-20 18:03:55,359 INFO L290 TraceCheckUtils]: 121: Hoare triple {41650#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret35#1, bobToRjh_#t~ret36#1, bobToRjh_#t~ret37#1, bobToRjh_#t~ret38#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret35#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret35#1 && bobToRjh_#t~ret35#1 <= 2147483647;havoc bobToRjh_#t~ret35#1; {41650#false} is VALID [2022-02-20 18:03:55,359 INFO L272 TraceCheckUtils]: 122: Hoare triple {41650#false} call sendEmail(~bob~0, ~rjh~0); {41650#false} is VALID [2022-02-20 18:03:55,359 INFO L290 TraceCheckUtils]: 123: Hoare triple {41650#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~21#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~21#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {41650#false} is VALID [2022-02-20 18:03:55,359 INFO L272 TraceCheckUtils]: 124: Hoare triple {41650#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {41650#false} is VALID [2022-02-20 18:03:55,359 INFO L290 TraceCheckUtils]: 125: Hoare triple {41650#false} ~handle := #in~handle;~value := #in~value; {41650#false} is VALID [2022-02-20 18:03:55,359 INFO L290 TraceCheckUtils]: 126: Hoare triple {41650#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {41650#false} is VALID [2022-02-20 18:03:55,359 INFO L290 TraceCheckUtils]: 127: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,359 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {41650#false} {41650#false} #1639#return; {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L272 TraceCheckUtils]: 129: Hoare triple {41650#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L290 TraceCheckUtils]: 130: Hoare triple {41650#false} ~handle := #in~handle;~value := #in~value; {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L290 TraceCheckUtils]: 131: Hoare triple {41650#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L290 TraceCheckUtils]: 132: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {41650#false} {41650#false} #1641#return; {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L290 TraceCheckUtils]: 134: Hoare triple {41650#false} createEmail_~retValue_acc~21#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~21#1; {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L290 TraceCheckUtils]: 135: Hoare triple {41650#false} #t~ret23#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret23#1 && #t~ret23#1 <= 2147483647;~tmp~8#1 := #t~ret23#1;havoc #t~ret23#1;~email~0#1 := ~tmp~8#1; {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L272 TraceCheckUtils]: 136: Hoare triple {41650#false} call outgoing(~sender#1, ~email~0#1); {41650#false} is VALID [2022-02-20 18:03:55,360 INFO L290 TraceCheckUtils]: 137: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {41650#false} is VALID [2022-02-20 18:03:55,361 INFO L290 TraceCheckUtils]: 138: Hoare triple {41650#false} assume 0 != ~__SELECTED_FEATURE_Sign~0;assume { :begin_inline_outgoing__role__Sign } true;outgoing__role__Sign_#in~client#1, outgoing__role__Sign_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;outgoing__role__Sign_~client#1 := outgoing__role__Sign_#in~client#1;outgoing__role__Sign_~msg#1 := outgoing__role__Sign_#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1;havoc sign_#t~ret27#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {41650#false} is VALID [2022-02-20 18:03:55,361 INFO L272 TraceCheckUtils]: 139: Hoare triple {41650#false} call sign_#t~ret27#1 := getClientPrivateKey(sign_~client#1); {41650#false} is VALID [2022-02-20 18:03:55,361 INFO L290 TraceCheckUtils]: 140: Hoare triple {41650#false} ~handle := #in~handle;havoc ~retValue_acc~31; {41650#false} is VALID [2022-02-20 18:03:55,361 INFO L290 TraceCheckUtils]: 141: Hoare triple {41650#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {41650#false} is VALID [2022-02-20 18:03:55,361 INFO L290 TraceCheckUtils]: 142: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,361 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {41650#false} {41650#false} #1581#return; {41650#false} is VALID [2022-02-20 18:03:55,361 INFO L290 TraceCheckUtils]: 144: Hoare triple {41650#false} assume -2147483648 <= sign_#t~ret27#1 && sign_#t~ret27#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret27#1;havoc sign_#t~ret27#1;sign_~privkey~1#1 := sign_~tmp~10#1; {41650#false} is VALID [2022-02-20 18:03:55,361 INFO L290 TraceCheckUtils]: 145: Hoare triple {41650#false} assume 0 == sign_~privkey~1#1; {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L290 TraceCheckUtils]: 146: Hoare triple {41650#false} assume { :end_inline_sign } true; {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L272 TraceCheckUtils]: 147: Hoare triple {41650#false} call outgoing__before__Sign(outgoing__role__Sign_~client#1, outgoing__role__Sign_~msg#1); {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L290 TraceCheckUtils]: 148: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L290 TraceCheckUtils]: 149: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L272 TraceCheckUtils]: 150: Hoare triple {41650#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L290 TraceCheckUtils]: 151: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L290 TraceCheckUtils]: 152: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L272 TraceCheckUtils]: 153: Hoare triple {41650#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {41650#false} is VALID [2022-02-20 18:03:55,362 INFO L290 TraceCheckUtils]: 154: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {41650#false} is VALID [2022-02-20 18:03:55,363 INFO L290 TraceCheckUtils]: 155: Hoare triple {41650#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {41650#false} is VALID [2022-02-20 18:03:55,363 INFO L290 TraceCheckUtils]: 156: Hoare triple {41650#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {41650#false} is VALID [2022-02-20 18:03:55,363 INFO L272 TraceCheckUtils]: 157: Hoare triple {41650#false} call setEmailFrom(~msg#1, ~tmp~1#1); {41650#false} is VALID [2022-02-20 18:03:55,363 INFO L290 TraceCheckUtils]: 158: Hoare triple {41650#false} ~handle := #in~handle;~value := #in~value; {41650#false} is VALID [2022-02-20 18:03:55,363 INFO L290 TraceCheckUtils]: 159: Hoare triple {41650#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {41650#false} is VALID [2022-02-20 18:03:55,363 INFO L290 TraceCheckUtils]: 160: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,363 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {41650#false} {41650#false} #1651#return; {41650#false} is VALID [2022-02-20 18:03:55,363 INFO L290 TraceCheckUtils]: 162: Hoare triple {41650#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L272 TraceCheckUtils]: 163: Hoare triple {41650#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L290 TraceCheckUtils]: 164: Hoare triple {41650#false} ~handle := #in~handle;havoc ~retValue_acc~8; {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L290 TraceCheckUtils]: 165: Hoare triple {41650#false} assume 1 == ~handle;~retValue_acc~8 := ~__ste_email_to0~0;#res := ~retValue_acc~8; {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L290 TraceCheckUtils]: 166: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {41650#false} {41650#false} #1653#return; {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L290 TraceCheckUtils]: 168: Hoare triple {41650#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1; {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L290 TraceCheckUtils]: 169: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0); {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L272 TraceCheckUtils]: 170: Hoare triple {41650#false} call incoming__before__Decrypt(incoming_~client#1, incoming_~msg#1); {41650#false} is VALID [2022-02-20 18:03:55,364 INFO L290 TraceCheckUtils]: 171: Hoare triple {41650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {41650#false} is VALID [2022-02-20 18:03:55,365 INFO L290 TraceCheckUtils]: 172: Hoare triple {41650#false} assume 0 != ~__SELECTED_FEATURE_Verify~0;assume { :begin_inline_incoming__role__Verify } true;incoming__role__Verify_#in~client#1, incoming__role__Verify_#in~msg#1 := ~client#1, ~msg#1;havoc incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;incoming__role__Verify_~client#1 := incoming__role__Verify_#in~client#1;incoming__role__Verify_~msg#1 := incoming__role__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__role__Verify_~client#1, incoming__role__Verify_~msg#1;havoc verify_#t~ret29#1, verify_#t~ret30#1, verify_#t~ret31#1, verify_#t~ret32#1, verify_#t~ret33#1, verify_#t~ret34#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~11#1, verify_~tmp___0~3#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~2#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~11#1;havoc verify_~tmp___0~3#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~15#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~15#1; {41650#false} is VALID [2022-02-20 18:03:55,365 INFO L272 TraceCheckUtils]: 173: Hoare triple {41650#false} call __utac_acc__EncryptVerify_spec__1_#t~ret55#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {41650#false} is VALID [2022-02-20 18:03:55,365 INFO L290 TraceCheckUtils]: 174: Hoare triple {41650#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~19#1; {41650#false} is VALID [2022-02-20 18:03:55,365 INFO L290 TraceCheckUtils]: 175: Hoare triple {41650#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {41650#false} is VALID [2022-02-20 18:03:55,365 INFO L272 TraceCheckUtils]: 176: Hoare triple {41650#false} call #t~ret77#1 := isReadable__before__Encrypt(~msg#1); {41650#false} is VALID [2022-02-20 18:03:55,365 INFO L290 TraceCheckUtils]: 177: Hoare triple {41650#false} ~msg := #in~msg;havoc ~retValue_acc~17;~retValue_acc~17 := 1;#res := ~retValue_acc~17; {41650#false} is VALID [2022-02-20 18:03:55,365 INFO L290 TraceCheckUtils]: 178: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,365 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {41650#false} {41650#false} #1797#return; {41650#false} is VALID [2022-02-20 18:03:55,366 INFO L290 TraceCheckUtils]: 180: Hoare triple {41650#false} assume -2147483648 <= #t~ret77#1 && #t~ret77#1 <= 2147483647;~retValue_acc~19#1 := #t~ret77#1;havoc #t~ret77#1;#res#1 := ~retValue_acc~19#1; {41650#false} is VALID [2022-02-20 18:03:55,366 INFO L290 TraceCheckUtils]: 181: Hoare triple {41650#false} assume true; {41650#false} is VALID [2022-02-20 18:03:55,366 INFO L284 TraceCheckUtils]: 182: Hoare quadruple {41650#false} {41650#false} #1587#return; {41650#false} is VALID [2022-02-20 18:03:55,366 INFO L290 TraceCheckUtils]: 183: Hoare triple {41650#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret55#1 && __utac_acc__EncryptVerify_spec__1_#t~ret55#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~15#1 := __utac_acc__EncryptVerify_spec__1_#t~ret55#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret55#1; {41650#false} is VALID [2022-02-20 18:03:55,366 INFO L290 TraceCheckUtils]: 184: Hoare triple {41650#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~15#1);assume { :begin_inline___automaton_fail } true; {41650#false} is VALID [2022-02-20 18:03:55,366 INFO L290 TraceCheckUtils]: 185: Hoare triple {41650#false} assume !false; {41650#false} is VALID [2022-02-20 18:03:55,367 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 18:03:55,367 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:55,367 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [631961859] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:55,367 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:55,367 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [13] total 17 [2022-02-20 18:03:55,367 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1938073509] [2022-02-20 18:03:55,367 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:55,368 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) Word has length 186 [2022-02-20 18:03:55,368 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:55,368 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 18:03:55,485 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 166 edges. 166 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:55,485 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:03:55,485 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:55,485 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:03:55,486 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=238, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:03:55,486 INFO L87 Difference]: Start difference. First operand 686 states and 998 transitions. Second operand has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 18:03:57,102 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:57,103 INFO L93 Difference]: Finished difference Result 1313 states and 1929 transitions. [2022-02-20 18:03:57,103 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:03:57,103 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) Word has length 186 [2022-02-20 18:03:57,119 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:57,119 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 18:03:57,132 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1623 transitions. [2022-02-20 18:03:57,143 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 18:03:57,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1623 transitions. [2022-02-20 18:03:57,163 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 1623 transitions. [2022-02-20 18:03:57,768 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1623 edges. 1623 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:57,788 INFO L225 Difference]: With dead ends: 1313 [2022-02-20 18:03:57,788 INFO L226 Difference]: Without dead ends: 688 [2022-02-20 18:03:57,790 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 241 GetRequests, 224 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=299, Unknown=0, NotChecked=0, Total=342 [2022-02-20 18:03:57,790 INFO L933 BasicCegarLoop]: 831 mSDtfsCounter, 361 mSDsluCounter, 2920 mSDsCounter, 0 mSdLazyCounter, 56 mSolverCounterSat, 47 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 361 SdHoareTripleChecker+Valid, 3751 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 47 IncrementalHoareTripleChecker+Valid, 56 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:57,791 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [361 Valid, 3751 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [47 Valid, 56 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:03:57,792 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 688 states. [2022-02-20 18:03:57,872 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 688 to 688. [2022-02-20 18:03:57,873 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:57,874 INFO L82 GeneralOperation]: Start isEquivalent. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.4618320610687023) internal successors, (766), 536 states have internal predecessors, (766), 116 states have call successors, (116), 45 states have call predecessors, (116), 47 states have return successors, (122), 114 states have call predecessors, (122), 115 states have call successors, (122) [2022-02-20 18:03:57,874 INFO L74 IsIncluded]: Start isIncluded. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.4618320610687023) internal successors, (766), 536 states have internal predecessors, (766), 116 states have call successors, (116), 45 states have call predecessors, (116), 47 states have return successors, (122), 114 states have call predecessors, (122), 115 states have call successors, (122) [2022-02-20 18:03:57,875 INFO L87 Difference]: Start difference. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.4618320610687023) internal successors, (766), 536 states have internal predecessors, (766), 116 states have call successors, (116), 45 states have call predecessors, (116), 47 states have return successors, (122), 114 states have call predecessors, (122), 115 states have call successors, (122) [2022-02-20 18:03:57,890 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:57,891 INFO L93 Difference]: Finished difference Result 688 states and 1004 transitions. [2022-02-20 18:03:57,891 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1004 transitions. [2022-02-20 18:03:57,892 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:57,892 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:57,893 INFO L74 IsIncluded]: Start isIncluded. First operand has 688 states, 524 states have (on average 1.4618320610687023) internal successors, (766), 536 states have internal predecessors, (766), 116 states have call successors, (116), 45 states have call predecessors, (116), 47 states have return successors, (122), 114 states have call predecessors, (122), 115 states have call successors, (122) Second operand 688 states. [2022-02-20 18:03:57,894 INFO L87 Difference]: Start difference. First operand has 688 states, 524 states have (on average 1.4618320610687023) internal successors, (766), 536 states have internal predecessors, (766), 116 states have call successors, (116), 45 states have call predecessors, (116), 47 states have return successors, (122), 114 states have call predecessors, (122), 115 states have call successors, (122) Second operand 688 states. [2022-02-20 18:03:57,909 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:57,909 INFO L93 Difference]: Finished difference Result 688 states and 1004 transitions. [2022-02-20 18:03:57,910 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1004 transitions. [2022-02-20 18:03:57,931 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:57,931 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:57,932 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:57,932 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:57,933 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 688 states, 524 states have (on average 1.4618320610687023) internal successors, (766), 536 states have internal predecessors, (766), 116 states have call successors, (116), 45 states have call predecessors, (116), 47 states have return successors, (122), 114 states have call predecessors, (122), 115 states have call successors, (122) [2022-02-20 18:03:57,953 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 688 states to 688 states and 1004 transitions. [2022-02-20 18:03:57,953 INFO L78 Accepts]: Start accepts. Automaton has 688 states and 1004 transitions. Word has length 186 [2022-02-20 18:03:57,953 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:57,954 INFO L470 AbstractCegarLoop]: Abstraction has 688 states and 1004 transitions. [2022-02-20 18:03:57,954 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 22.4) internal successors, (112), 6 states have internal predecessors, (112), 3 states have call successors, (30), 2 states have call predecessors, (30), 3 states have return successors, (24), 3 states have call predecessors, (24), 3 states have call successors, (24) [2022-02-20 18:03:57,954 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1004 transitions. [2022-02-20 18:03:57,956 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 188 [2022-02-20 18:03:57,956 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:57,956 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]