./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec8_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec8_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash fdf21b24c583a6d136f11a4b24a73548bc1166a9ff6f145f509a3c93fdab8434 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:04:05,237 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:04:05,239 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:04:05,270 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:04:05,271 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:04:05,272 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:04:05,275 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:04:05,276 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:04:05,280 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:04:05,281 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:04:05,282 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:04:05,283 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:04:05,284 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:04:05,285 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:04:05,287 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:04:05,288 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:04:05,290 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:04:05,290 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:04:05,291 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:04:05,296 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:04:05,298 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:04:05,298 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:04:05,299 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:04:05,306 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:04:05,307 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:04:05,308 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:04:05,308 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:04:05,309 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:04:05,309 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:04:05,309 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:04:05,310 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:04:05,310 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:04:05,312 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:04:05,313 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:04:05,314 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:04:05,315 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:04:05,315 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:04:05,316 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:04:05,316 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:04:05,317 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:04:05,317 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:04:05,318 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:04:05,341 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:04:05,351 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:04:05,352 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:04:05,352 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:04:05,353 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:04:05,353 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:04:05,354 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:04:05,354 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:04:05,354 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:04:05,355 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:04:05,356 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:04:05,356 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:04:05,356 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:04:05,356 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:04:05,356 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:04:05,357 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:04:05,357 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:04:05,357 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:04:05,357 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:04:05,357 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:04:05,358 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:04:05,358 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:04:05,358 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:04:05,358 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:04:05,358 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:04:05,359 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:04:05,359 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:04:05,359 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:04:05,359 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:04:05,360 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:04:05,360 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:04:05,360 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:04:05,360 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:04:05,360 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> fdf21b24c583a6d136f11a4b24a73548bc1166a9ff6f145f509a3c93fdab8434 [2022-02-20 18:04:05,543 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:04:05,560 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:04:05,563 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:04:05,564 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:04:05,565 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:04:05,566 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec8_productSimulator.cil.c [2022-02-20 18:04:05,625 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/188c37ab6/88594aeca65b4d7290ab5cb9f8cac29d/FLAG51d68de5c [2022-02-20 18:04:06,184 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:04:06,184 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_productSimulator.cil.c [2022-02-20 18:04:06,198 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/188c37ab6/88594aeca65b4d7290ab5cb9f8cac29d/FLAG51d68de5c [2022-02-20 18:04:06,472 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/188c37ab6/88594aeca65b4d7290ab5cb9f8cac29d [2022-02-20 18:04:06,474 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:04:06,480 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:04:06,481 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:04:06,481 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:04:06,485 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:04:06,486 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:04:06" (1/1) ... [2022-02-20 18:04:06,487 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5c5a408e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:06, skipping insertion in model container [2022-02-20 18:04:06,488 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:04:06" (1/1) ... [2022-02-20 18:04:06,492 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:04:06,541 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:04:06,996 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_productSimulator.cil.c[73270,73283] [2022-02-20 18:04:06,998 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:04:07,008 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:04:07,083 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_productSimulator.cil.c[73270,73283] [2022-02-20 18:04:07,086 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:04:07,113 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:04:07,113 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07 WrapperNode [2022-02-20 18:04:07,113 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:04:07,114 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:04:07,114 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:04:07,115 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:04:07,119 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,169 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,214 INFO L137 Inliner]: procedures = 152, calls = 288, calls flagged for inlining = 68, calls inlined = 65, statements flattened = 1326 [2022-02-20 18:04:07,214 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:04:07,215 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:04:07,215 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:04:07,215 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:04:07,221 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,221 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,225 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,226 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,243 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,267 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,273 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,280 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:04:07,281 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:04:07,281 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:04:07,281 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:04:07,281 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (1/1) ... [2022-02-20 18:04:07,299 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:04:07,321 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:07,330 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:04:07,356 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:04:07,356 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:04:07,356 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 18:04:07,356 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 18:04:07,356 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 18:04:07,356 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 18:04:07,357 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:04:07,357 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:04:07,357 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:04:07,357 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:04:07,357 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:04:07,357 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:04:07,357 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:04:07,357 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:04:07,358 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 18:04:07,358 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 18:04:07,358 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:04:07,358 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:04:07,358 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 18:04:07,358 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 18:04:07,358 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:04:07,358 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:04:07,359 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:04:07,359 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:04:07,359 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:04:07,359 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:04:07,359 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 18:04:07,359 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 18:04:07,359 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 18:04:07,353 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:04:07,360 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 18:04:07,375 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:04:07,375 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:04:07,375 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:04:07,375 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:04:07,375 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:04:07,376 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:04:07,376 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:04:07,376 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 18:04:07,376 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 18:04:07,376 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:04:07,377 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:04:07,377 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 18:04:07,377 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:04:07,377 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:04:07,377 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:04:07,377 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 18:04:07,377 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 18:04:07,377 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:04:07,377 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:04:07,377 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:04:07,378 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:04:07,378 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:04:07,378 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 18:04:07,378 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 18:04:07,378 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 18:04:07,379 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 18:04:07,379 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 18:04:07,379 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 18:04:07,380 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:04:07,380 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:04:07,380 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:04:07,380 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:04:07,380 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:04:07,380 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:04:07,380 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:04:07,381 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:04:07,381 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:04:07,381 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:04:07,381 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:04:07,381 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:04:07,381 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:04:07,381 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:04:07,381 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 18:04:07,381 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 18:04:07,381 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 18:04:07,381 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 18:04:07,381 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:04:07,382 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:04:07,382 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:04:07,382 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:04:07,382 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:04:07,382 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:04:07,382 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:04:07,382 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 18:04:07,382 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 18:04:07,382 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 18:04:07,382 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 18:04:07,382 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:04:07,382 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:04:07,382 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:04:07,382 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:04:07,646 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:04:07,648 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:04:08,472 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:04:08,491 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:04:08,491 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:04:08,493 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:04:08 BoogieIcfgContainer [2022-02-20 18:04:08,493 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:04:08,495 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:04:08,495 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:04:08,497 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:04:08,498 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:04:06" (1/3) ... [2022-02-20 18:04:08,498 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6546abb8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:04:08, skipping insertion in model container [2022-02-20 18:04:08,498 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:04:07" (2/3) ... [2022-02-20 18:04:08,499 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6546abb8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:04:08, skipping insertion in model container [2022-02-20 18:04:08,499 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:04:08" (3/3) ... [2022-02-20 18:04:08,503 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec8_productSimulator.cil.c [2022-02-20 18:04:08,506 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:04:08,507 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:04:08,541 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:04:08,545 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:04:08,545 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:04:08,571 INFO L276 IsEmpty]: Start isEmpty. Operand has 604 states, 449 states have (on average 1.5144766146993318) internal successors, (680), 469 states have internal predecessors, (680), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) [2022-02-20 18:04:08,583 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 128 [2022-02-20 18:04:08,584 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:08,584 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:08,585 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:08,589 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:08,593 INFO L85 PathProgramCache]: Analyzing trace with hash -1310995889, now seen corresponding path program 1 times [2022-02-20 18:04:08,600 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:08,601 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1814198992] [2022-02-20 18:04:08,601 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:08,602 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:08,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,940 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:08,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:08,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:08,958 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1733#return; {607#true} is VALID [2022-02-20 18:04:08,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:08,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:08,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:08,969 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1735#return; {607#true} is VALID [2022-02-20 18:04:08,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:08,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,978 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:08,978 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:08,979 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1737#return; {607#true} is VALID [2022-02-20 18:04:08,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:08,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:08,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:08,991 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1739#return; {607#true} is VALID [2022-02-20 18:04:08,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:08,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:08,998 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:08,998 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1741#return; {607#true} is VALID [2022-02-20 18:04:08,999 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:09,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,005 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,006 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,006 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1743#return; {607#true} is VALID [2022-02-20 18:04:09,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:09,009 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,013 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,013 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,014 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1745#return; {607#true} is VALID [2022-02-20 18:04:09,014 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:09,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,020 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,020 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1747#return; {607#true} is VALID [2022-02-20 18:04:09,026 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:04:09,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:09,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,051 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,052 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {607#true} #1731#return; {607#true} is VALID [2022-02-20 18:04:09,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {607#true} is VALID [2022-02-20 18:04:09,053 INFO L272 TraceCheckUtils]: 1: Hoare triple {607#true} call setClientId(~bob___0, ~bob___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,053 INFO L290 TraceCheckUtils]: 2: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,053 INFO L290 TraceCheckUtils]: 3: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,054 INFO L290 TraceCheckUtils]: 4: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,054 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {607#true} {607#true} #1731#return; {607#true} is VALID [2022-02-20 18:04:09,054 INFO L290 TraceCheckUtils]: 6: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,054 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {607#true} {607#true} #1753#return; {607#true} is VALID [2022-02-20 18:04:09,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:04:09,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:09,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,062 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,062 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,062 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,062 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {607#true} #1683#return; {607#true} is VALID [2022-02-20 18:04:09,063 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {607#true} is VALID [2022-02-20 18:04:09,063 INFO L272 TraceCheckUtils]: 1: Hoare triple {607#true} call setClientId(~rjh___0, ~rjh___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,064 INFO L290 TraceCheckUtils]: 2: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,064 INFO L290 TraceCheckUtils]: 3: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,064 INFO L290 TraceCheckUtils]: 4: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,064 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {607#true} {607#true} #1683#return; {607#true} is VALID [2022-02-20 18:04:09,064 INFO L290 TraceCheckUtils]: 6: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,065 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {607#true} {607#true} #1759#return; {607#true} is VALID [2022-02-20 18:04:09,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:04:09,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,069 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:09,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,072 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,072 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,072 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {607#true} #1625#return; {607#true} is VALID [2022-02-20 18:04:09,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {607#true} is VALID [2022-02-20 18:04:09,073 INFO L272 TraceCheckUtils]: 1: Hoare triple {607#true} call setClientId(~chuck___0, ~chuck___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,074 INFO L290 TraceCheckUtils]: 3: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,074 INFO L290 TraceCheckUtils]: 4: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,074 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {607#true} {607#true} #1625#return; {607#true} is VALID [2022-02-20 18:04:09,074 INFO L290 TraceCheckUtils]: 6: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,074 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {607#true} {607#true} #1765#return; {607#true} is VALID [2022-02-20 18:04:09,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:04:09,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,082 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,082 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,082 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {608#false} #1647#return; {608#false} is VALID [2022-02-20 18:04:09,086 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:04:09,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {687#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,090 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,090 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {608#false} #1649#return; {608#false} is VALID [2022-02-20 18:04:09,090 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:04:09,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,093 INFO L290 TraceCheckUtils]: 0: Hoare triple {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,094 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {608#false} #1659#return; {608#false} is VALID [2022-02-20 18:04:09,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:04:09,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:09,096 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} ~handle := #in~handle;havoc ~retValue_acc~29; {607#true} is VALID [2022-02-20 18:04:09,097 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {607#true} is VALID [2022-02-20 18:04:09,097 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,097 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {608#false} #1661#return; {608#false} is VALID [2022-02-20 18:04:09,098 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {607#true} is VALID [2022-02-20 18:04:09,098 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {607#true} is VALID [2022-02-20 18:04:09,098 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {607#true} is VALID [2022-02-20 18:04:09,098 INFO L272 TraceCheckUtils]: 3: Hoare triple {607#true} call select_features_#t~ret5#1 := select_one(); {607#true} is VALID [2022-02-20 18:04:09,099 INFO L290 TraceCheckUtils]: 4: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,099 INFO L290 TraceCheckUtils]: 5: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,099 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {607#true} {607#true} #1733#return; {607#true} is VALID [2022-02-20 18:04:09,099 INFO L290 TraceCheckUtils]: 7: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {607#true} is VALID [2022-02-20 18:04:09,099 INFO L272 TraceCheckUtils]: 8: Hoare triple {607#true} call select_features_#t~ret6#1 := select_one(); {607#true} is VALID [2022-02-20 18:04:09,099 INFO L290 TraceCheckUtils]: 9: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,100 INFO L290 TraceCheckUtils]: 10: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,100 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {607#true} {607#true} #1735#return; {607#true} is VALID [2022-02-20 18:04:09,100 INFO L290 TraceCheckUtils]: 12: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {607#true} is VALID [2022-02-20 18:04:09,100 INFO L272 TraceCheckUtils]: 13: Hoare triple {607#true} call select_features_#t~ret7#1 := select_one(); {607#true} is VALID [2022-02-20 18:04:09,100 INFO L290 TraceCheckUtils]: 14: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,101 INFO L290 TraceCheckUtils]: 15: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,101 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {607#true} {607#true} #1737#return; {607#true} is VALID [2022-02-20 18:04:09,101 INFO L290 TraceCheckUtils]: 17: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {607#true} is VALID [2022-02-20 18:04:09,101 INFO L272 TraceCheckUtils]: 18: Hoare triple {607#true} call select_features_#t~ret8#1 := select_one(); {607#true} is VALID [2022-02-20 18:04:09,101 INFO L290 TraceCheckUtils]: 19: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,102 INFO L290 TraceCheckUtils]: 20: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,102 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {607#true} {607#true} #1739#return; {607#true} is VALID [2022-02-20 18:04:09,102 INFO L290 TraceCheckUtils]: 22: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {607#true} is VALID [2022-02-20 18:04:09,102 INFO L272 TraceCheckUtils]: 23: Hoare triple {607#true} call select_features_#t~ret9#1 := select_one(); {607#true} is VALID [2022-02-20 18:04:09,102 INFO L290 TraceCheckUtils]: 24: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,102 INFO L290 TraceCheckUtils]: 25: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,103 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {607#true} {607#true} #1741#return; {607#true} is VALID [2022-02-20 18:04:09,103 INFO L290 TraceCheckUtils]: 27: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {607#true} is VALID [2022-02-20 18:04:09,103 INFO L272 TraceCheckUtils]: 28: Hoare triple {607#true} call select_features_#t~ret10#1 := select_one(); {607#true} is VALID [2022-02-20 18:04:09,103 INFO L290 TraceCheckUtils]: 29: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,103 INFO L290 TraceCheckUtils]: 30: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,103 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {607#true} {607#true} #1743#return; {607#true} is VALID [2022-02-20 18:04:09,104 INFO L290 TraceCheckUtils]: 32: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {607#true} is VALID [2022-02-20 18:04:09,104 INFO L272 TraceCheckUtils]: 33: Hoare triple {607#true} call select_features_#t~ret11#1 := select_one(); {607#true} is VALID [2022-02-20 18:04:09,104 INFO L290 TraceCheckUtils]: 34: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,104 INFO L290 TraceCheckUtils]: 35: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,104 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {607#true} {607#true} #1745#return; {607#true} is VALID [2022-02-20 18:04:09,105 INFO L290 TraceCheckUtils]: 37: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {607#true} is VALID [2022-02-20 18:04:09,105 INFO L272 TraceCheckUtils]: 38: Hoare triple {607#true} call select_features_#t~ret12#1 := select_one(); {607#true} is VALID [2022-02-20 18:04:09,105 INFO L290 TraceCheckUtils]: 39: Hoare triple {607#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {607#true} is VALID [2022-02-20 18:04:09,105 INFO L290 TraceCheckUtils]: 40: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,105 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {607#true} {607#true} #1747#return; {607#true} is VALID [2022-02-20 18:04:09,105 INFO L290 TraceCheckUtils]: 42: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {607#true} is VALID [2022-02-20 18:04:09,106 INFO L290 TraceCheckUtils]: 43: Hoare triple {607#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {607#true} is VALID [2022-02-20 18:04:09,106 INFO L290 TraceCheckUtils]: 44: Hoare triple {607#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {607#true} is VALID [2022-02-20 18:04:09,106 INFO L290 TraceCheckUtils]: 45: Hoare triple {607#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~0#1 := 0; {607#true} is VALID [2022-02-20 18:04:09,106 INFO L290 TraceCheckUtils]: 46: Hoare triple {607#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {607#true} is VALID [2022-02-20 18:04:09,106 INFO L290 TraceCheckUtils]: 47: Hoare triple {607#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {607#true} is VALID [2022-02-20 18:04:09,107 INFO L290 TraceCheckUtils]: 48: Hoare triple {607#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {607#true} is VALID [2022-02-20 18:04:09,107 INFO L290 TraceCheckUtils]: 49: Hoare triple {607#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {607#true} is VALID [2022-02-20 18:04:09,108 INFO L272 TraceCheckUtils]: 50: Hoare triple {607#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,108 INFO L290 TraceCheckUtils]: 51: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {607#true} is VALID [2022-02-20 18:04:09,109 INFO L272 TraceCheckUtils]: 52: Hoare triple {607#true} call setClientId(~bob___0, ~bob___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,109 INFO L290 TraceCheckUtils]: 53: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,109 INFO L290 TraceCheckUtils]: 54: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,109 INFO L290 TraceCheckUtils]: 55: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,109 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {607#true} {607#true} #1731#return; {607#true} is VALID [2022-02-20 18:04:09,109 INFO L290 TraceCheckUtils]: 57: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,110 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {607#true} {607#true} #1753#return; {607#true} is VALID [2022-02-20 18:04:09,110 INFO L290 TraceCheckUtils]: 59: Hoare triple {607#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {607#true} is VALID [2022-02-20 18:04:09,110 INFO L290 TraceCheckUtils]: 60: Hoare triple {607#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {607#true} is VALID [2022-02-20 18:04:09,111 INFO L272 TraceCheckUtils]: 61: Hoare triple {607#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,111 INFO L290 TraceCheckUtils]: 62: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {607#true} is VALID [2022-02-20 18:04:09,112 INFO L272 TraceCheckUtils]: 63: Hoare triple {607#true} call setClientId(~rjh___0, ~rjh___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,112 INFO L290 TraceCheckUtils]: 64: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,112 INFO L290 TraceCheckUtils]: 65: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,112 INFO L290 TraceCheckUtils]: 66: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,112 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {607#true} {607#true} #1683#return; {607#true} is VALID [2022-02-20 18:04:09,112 INFO L290 TraceCheckUtils]: 68: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,113 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {607#true} {607#true} #1759#return; {607#true} is VALID [2022-02-20 18:04:09,113 INFO L290 TraceCheckUtils]: 70: Hoare triple {607#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {607#true} is VALID [2022-02-20 18:04:09,113 INFO L290 TraceCheckUtils]: 71: Hoare triple {607#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {607#true} is VALID [2022-02-20 18:04:09,114 INFO L272 TraceCheckUtils]: 72: Hoare triple {607#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,114 INFO L290 TraceCheckUtils]: 73: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {607#true} is VALID [2022-02-20 18:04:09,115 INFO L272 TraceCheckUtils]: 74: Hoare triple {607#true} call setClientId(~chuck___0, ~chuck___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:09,115 INFO L290 TraceCheckUtils]: 75: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,115 INFO L290 TraceCheckUtils]: 76: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,115 INFO L290 TraceCheckUtils]: 77: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,115 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {607#true} {607#true} #1625#return; {607#true} is VALID [2022-02-20 18:04:09,115 INFO L290 TraceCheckUtils]: 79: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,116 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {607#true} {607#true} #1765#return; {607#true} is VALID [2022-02-20 18:04:09,116 INFO L290 TraceCheckUtils]: 81: Hoare triple {607#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {607#true} is VALID [2022-02-20 18:04:09,116 INFO L290 TraceCheckUtils]: 82: Hoare triple {607#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {607#true} is VALID [2022-02-20 18:04:09,117 INFO L290 TraceCheckUtils]: 83: Hoare triple {607#true} assume !true; {608#false} is VALID [2022-02-20 18:04:09,117 INFO L290 TraceCheckUtils]: 84: Hoare triple {608#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {608#false} is VALID [2022-02-20 18:04:09,117 INFO L272 TraceCheckUtils]: 85: Hoare triple {608#false} call sendEmail(~bob~0, ~rjh~0); {608#false} is VALID [2022-02-20 18:04:09,117 INFO L290 TraceCheckUtils]: 86: Hoare triple {608#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {608#false} is VALID [2022-02-20 18:04:09,117 INFO L272 TraceCheckUtils]: 87: Hoare triple {608#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:09,117 INFO L290 TraceCheckUtils]: 88: Hoare triple {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,118 INFO L290 TraceCheckUtils]: 89: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,118 INFO L290 TraceCheckUtils]: 90: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,118 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {607#true} {608#false} #1647#return; {608#false} is VALID [2022-02-20 18:04:09,118 INFO L272 TraceCheckUtils]: 92: Hoare triple {608#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {687#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:09,118 INFO L290 TraceCheckUtils]: 93: Hoare triple {687#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,118 INFO L290 TraceCheckUtils]: 94: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,119 INFO L290 TraceCheckUtils]: 95: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,119 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {607#true} {608#false} #1649#return; {608#false} is VALID [2022-02-20 18:04:09,119 INFO L290 TraceCheckUtils]: 97: Hoare triple {608#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {608#false} is VALID [2022-02-20 18:04:09,119 INFO L290 TraceCheckUtils]: 98: Hoare triple {608#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {608#false} is VALID [2022-02-20 18:04:09,119 INFO L272 TraceCheckUtils]: 99: Hoare triple {608#false} call outgoing(~sender#1, ~email~0#1); {608#false} is VALID [2022-02-20 18:04:09,120 INFO L290 TraceCheckUtils]: 100: Hoare triple {608#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {608#false} is VALID [2022-02-20 18:04:09,120 INFO L290 TraceCheckUtils]: 101: Hoare triple {608#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {608#false} is VALID [2022-02-20 18:04:09,120 INFO L272 TraceCheckUtils]: 102: Hoare triple {608#false} call outgoing__before__Sign(~client#1, ~msg#1); {608#false} is VALID [2022-02-20 18:04:09,120 INFO L290 TraceCheckUtils]: 103: Hoare triple {608#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {608#false} is VALID [2022-02-20 18:04:09,120 INFO L290 TraceCheckUtils]: 104: Hoare triple {608#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {608#false} is VALID [2022-02-20 18:04:09,120 INFO L272 TraceCheckUtils]: 105: Hoare triple {608#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {608#false} is VALID [2022-02-20 18:04:09,121 INFO L290 TraceCheckUtils]: 106: Hoare triple {608#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {608#false} is VALID [2022-02-20 18:04:09,121 INFO L290 TraceCheckUtils]: 107: Hoare triple {608#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {608#false} is VALID [2022-02-20 18:04:09,121 INFO L272 TraceCheckUtils]: 108: Hoare triple {608#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {608#false} is VALID [2022-02-20 18:04:09,121 INFO L290 TraceCheckUtils]: 109: Hoare triple {608#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {608#false} is VALID [2022-02-20 18:04:09,121 INFO L290 TraceCheckUtils]: 110: Hoare triple {608#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {608#false} is VALID [2022-02-20 18:04:09,121 INFO L290 TraceCheckUtils]: 111: Hoare triple {608#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {608#false} is VALID [2022-02-20 18:04:09,122 INFO L272 TraceCheckUtils]: 112: Hoare triple {608#false} call setEmailFrom(~msg#1, ~tmp~14#1); {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:09,122 INFO L290 TraceCheckUtils]: 113: Hoare triple {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:04:09,122 INFO L290 TraceCheckUtils]: 114: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {607#true} is VALID [2022-02-20 18:04:09,122 INFO L290 TraceCheckUtils]: 115: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,122 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {607#true} {608#false} #1659#return; {608#false} is VALID [2022-02-20 18:04:09,122 INFO L290 TraceCheckUtils]: 117: Hoare triple {608#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {608#false} is VALID [2022-02-20 18:04:09,123 INFO L290 TraceCheckUtils]: 118: Hoare triple {608#false} assume 0 != ~in_encrypted~0; {608#false} is VALID [2022-02-20 18:04:09,123 INFO L272 TraceCheckUtils]: 119: Hoare triple {608#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {607#true} is VALID [2022-02-20 18:04:09,123 INFO L290 TraceCheckUtils]: 120: Hoare triple {607#true} ~handle := #in~handle;havoc ~retValue_acc~29; {607#true} is VALID [2022-02-20 18:04:09,123 INFO L290 TraceCheckUtils]: 121: Hoare triple {607#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {607#true} is VALID [2022-02-20 18:04:09,123 INFO L290 TraceCheckUtils]: 122: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:04:09,123 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {607#true} {608#false} #1661#return; {608#false} is VALID [2022-02-20 18:04:09,124 INFO L290 TraceCheckUtils]: 124: Hoare triple {608#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {608#false} is VALID [2022-02-20 18:04:09,124 INFO L290 TraceCheckUtils]: 125: Hoare triple {608#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {608#false} is VALID [2022-02-20 18:04:09,124 INFO L290 TraceCheckUtils]: 126: Hoare triple {608#false} assume !false; {608#false} is VALID [2022-02-20 18:04:09,125 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:04:09,125 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:09,126 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1814198992] [2022-02-20 18:04:09,126 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1814198992] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:09,126 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:09,126 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:04:09,127 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1960905117] [2022-02-20 18:04:09,128 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:09,132 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 127 [2022-02-20 18:04:09,133 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:09,136 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:09,209 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:09,209 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:04:09,210 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:09,222 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:04:09,223 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:04:09,227 INFO L87 Difference]: Start difference. First operand has 604 states, 449 states have (on average 1.5144766146993318) internal successors, (680), 469 states have internal predecessors, (680), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) Second operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:13,269 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:13,270 INFO L93 Difference]: Finished difference Result 1081 states and 1630 transitions. [2022-02-20 18:04:13,270 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:04:13,270 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 127 [2022-02-20 18:04:13,271 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:13,272 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:13,315 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1630 transitions. [2022-02-20 18:04:13,315 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:13,354 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1630 transitions. [2022-02-20 18:04:13,354 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1630 transitions. [2022-02-20 18:04:14,850 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1630 edges. 1630 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:14,961 INFO L225 Difference]: With dead ends: 1081 [2022-02-20 18:04:14,975 INFO L226 Difference]: Without dead ends: 739 [2022-02-20 18:04:14,981 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:04:14,984 INFO L933 BasicCegarLoop]: 922 mSDtfsCounter, 1359 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 527 mSolverCounterSat, 627 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1364 SdHoareTripleChecker+Valid, 1636 SdHoareTripleChecker+Invalid, 1154 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 627 IncrementalHoareTripleChecker+Valid, 527 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:14,985 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1364 Valid, 1636 Invalid, 1154 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [627 Valid, 527 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-02-20 18:04:14,998 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 739 states. [2022-02-20 18:04:15,055 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 739 to 597. [2022-02-20 18:04:15,056 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:15,058 INFO L82 GeneralOperation]: Start isEquivalent. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:04:15,061 INFO L74 IsIncluded]: Start isIncluded. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:04:15,063 INFO L87 Difference]: Start difference. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:04:15,100 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:15,101 INFO L93 Difference]: Finished difference Result 739 states and 1128 transitions. [2022-02-20 18:04:15,101 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1128 transitions. [2022-02-20 18:04:15,106 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:15,106 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:15,108 INFO L74 IsIncluded]: Start isIncluded. First operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 739 states. [2022-02-20 18:04:15,109 INFO L87 Difference]: Start difference. First operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 739 states. [2022-02-20 18:04:15,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:15,143 INFO L93 Difference]: Finished difference Result 739 states and 1128 transitions. [2022-02-20 18:04:15,143 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1128 transitions. [2022-02-20 18:04:15,145 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:15,145 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:15,145 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:15,146 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:15,147 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:04:15,174 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 597 states to 597 states and 888 transitions. [2022-02-20 18:04:15,176 INFO L78 Accepts]: Start accepts. Automaton has 597 states and 888 transitions. Word has length 127 [2022-02-20 18:04:15,176 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:15,176 INFO L470 AbstractCegarLoop]: Abstraction has 597 states and 888 transitions. [2022-02-20 18:04:15,177 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:15,177 INFO L276 IsEmpty]: Start isEmpty. Operand 597 states and 888 transitions. [2022-02-20 18:04:15,180 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 129 [2022-02-20 18:04:15,180 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:15,180 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:15,180 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:04:15,180 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:15,181 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:15,181 INFO L85 PathProgramCache]: Analyzing trace with hash -1140437170, now seen corresponding path program 1 times [2022-02-20 18:04:15,181 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:15,181 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [319769775] [2022-02-20 18:04:15,182 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:15,182 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:15,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,291 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:15,293 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,295 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,295 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1733#return; {4521#true} is VALID [2022-02-20 18:04:15,296 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:15,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,300 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1735#return; {4521#true} is VALID [2022-02-20 18:04:15,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:15,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,304 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,304 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,304 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1737#return; {4521#true} is VALID [2022-02-20 18:04:15,305 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:15,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,308 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1739#return; {4521#true} is VALID [2022-02-20 18:04:15,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:15,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,312 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1741#return; {4521#true} is VALID [2022-02-20 18:04:15,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:15,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,316 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1743#return; {4521#true} is VALID [2022-02-20 18:04:15,316 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:15,317 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,319 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,319 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,319 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1745#return; {4521#true} is VALID [2022-02-20 18:04:15,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:15,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,323 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,323 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,323 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1747#return; {4521#true} is VALID [2022-02-20 18:04:15,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:04:15,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:15,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,335 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,336 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,336 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,336 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1731#return; {4521#true} is VALID [2022-02-20 18:04:15,336 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4521#true} is VALID [2022-02-20 18:04:15,337 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~bob___0, ~bob___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,337 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,338 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,338 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1731#return; {4521#true} is VALID [2022-02-20 18:04:15,338 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,338 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1753#return; {4522#false} is VALID [2022-02-20 18:04:15,338 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:04:15,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,343 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:15,344 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,347 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,347 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,347 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1683#return; {4521#true} is VALID [2022-02-20 18:04:15,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4521#true} is VALID [2022-02-20 18:04:15,348 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~rjh___0, ~rjh___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,349 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,349 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,349 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1683#return; {4521#true} is VALID [2022-02-20 18:04:15,349 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,349 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1759#return; {4522#false} is VALID [2022-02-20 18:04:15,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:04:15,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,354 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:15,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,356 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,356 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1625#return; {4521#true} is VALID [2022-02-20 18:04:15,357 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4521#true} is VALID [2022-02-20 18:04:15,357 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~chuck___0, ~chuck___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,358 INFO L290 TraceCheckUtils]: 2: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,358 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,358 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,358 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1625#return; {4521#true} is VALID [2022-02-20 18:04:15,358 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,358 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1765#return; {4522#false} is VALID [2022-02-20 18:04:15,364 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:04:15,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,367 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,367 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,367 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,367 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1647#return; {4522#false} is VALID [2022-02-20 18:04:15,374 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:04:15,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {4604#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,377 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1649#return; {4522#false} is VALID [2022-02-20 18:04:15,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:04:15,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,380 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,380 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,380 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1659#return; {4522#false} is VALID [2022-02-20 18:04:15,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:04:15,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:15,383 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~29; {4521#true} is VALID [2022-02-20 18:04:15,383 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {4521#true} is VALID [2022-02-20 18:04:15,383 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,383 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1661#return; {4522#false} is VALID [2022-02-20 18:04:15,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {4521#true} is VALID [2022-02-20 18:04:15,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4521#true} is VALID [2022-02-20 18:04:15,384 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {4521#true} is VALID [2022-02-20 18:04:15,384 INFO L272 TraceCheckUtils]: 3: Hoare triple {4521#true} call select_features_#t~ret5#1 := select_one(); {4521#true} is VALID [2022-02-20 18:04:15,384 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,385 INFO L290 TraceCheckUtils]: 5: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,385 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4521#true} {4521#true} #1733#return; {4521#true} is VALID [2022-02-20 18:04:15,385 INFO L290 TraceCheckUtils]: 7: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {4521#true} is VALID [2022-02-20 18:04:15,385 INFO L272 TraceCheckUtils]: 8: Hoare triple {4521#true} call select_features_#t~ret6#1 := select_one(); {4521#true} is VALID [2022-02-20 18:04:15,385 INFO L290 TraceCheckUtils]: 9: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,385 INFO L290 TraceCheckUtils]: 10: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,386 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4521#true} {4521#true} #1735#return; {4521#true} is VALID [2022-02-20 18:04:15,386 INFO L290 TraceCheckUtils]: 12: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {4521#true} is VALID [2022-02-20 18:04:15,386 INFO L272 TraceCheckUtils]: 13: Hoare triple {4521#true} call select_features_#t~ret7#1 := select_one(); {4521#true} is VALID [2022-02-20 18:04:15,386 INFO L290 TraceCheckUtils]: 14: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,386 INFO L290 TraceCheckUtils]: 15: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,386 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4521#true} {4521#true} #1737#return; {4521#true} is VALID [2022-02-20 18:04:15,386 INFO L290 TraceCheckUtils]: 17: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {4521#true} is VALID [2022-02-20 18:04:15,387 INFO L272 TraceCheckUtils]: 18: Hoare triple {4521#true} call select_features_#t~ret8#1 := select_one(); {4521#true} is VALID [2022-02-20 18:04:15,387 INFO L290 TraceCheckUtils]: 19: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,387 INFO L290 TraceCheckUtils]: 20: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,387 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4521#true} {4521#true} #1739#return; {4521#true} is VALID [2022-02-20 18:04:15,387 INFO L290 TraceCheckUtils]: 22: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {4521#true} is VALID [2022-02-20 18:04:15,387 INFO L272 TraceCheckUtils]: 23: Hoare triple {4521#true} call select_features_#t~ret9#1 := select_one(); {4521#true} is VALID [2022-02-20 18:04:15,388 INFO L290 TraceCheckUtils]: 24: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,388 INFO L290 TraceCheckUtils]: 25: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,388 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4521#true} {4521#true} #1741#return; {4521#true} is VALID [2022-02-20 18:04:15,388 INFO L290 TraceCheckUtils]: 27: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {4521#true} is VALID [2022-02-20 18:04:15,388 INFO L272 TraceCheckUtils]: 28: Hoare triple {4521#true} call select_features_#t~ret10#1 := select_one(); {4521#true} is VALID [2022-02-20 18:04:15,388 INFO L290 TraceCheckUtils]: 29: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,389 INFO L290 TraceCheckUtils]: 30: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,389 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4521#true} {4521#true} #1743#return; {4521#true} is VALID [2022-02-20 18:04:15,389 INFO L290 TraceCheckUtils]: 32: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {4521#true} is VALID [2022-02-20 18:04:15,389 INFO L272 TraceCheckUtils]: 33: Hoare triple {4521#true} call select_features_#t~ret11#1 := select_one(); {4521#true} is VALID [2022-02-20 18:04:15,389 INFO L290 TraceCheckUtils]: 34: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,389 INFO L290 TraceCheckUtils]: 35: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,390 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4521#true} {4521#true} #1745#return; {4521#true} is VALID [2022-02-20 18:04:15,390 INFO L290 TraceCheckUtils]: 37: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {4521#true} is VALID [2022-02-20 18:04:15,390 INFO L272 TraceCheckUtils]: 38: Hoare triple {4521#true} call select_features_#t~ret12#1 := select_one(); {4521#true} is VALID [2022-02-20 18:04:15,390 INFO L290 TraceCheckUtils]: 39: Hoare triple {4521#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {4521#true} is VALID [2022-02-20 18:04:15,390 INFO L290 TraceCheckUtils]: 40: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,390 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4521#true} {4521#true} #1747#return; {4521#true} is VALID [2022-02-20 18:04:15,390 INFO L290 TraceCheckUtils]: 42: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {4521#true} is VALID [2022-02-20 18:04:15,391 INFO L290 TraceCheckUtils]: 43: Hoare triple {4521#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {4521#true} is VALID [2022-02-20 18:04:15,391 INFO L290 TraceCheckUtils]: 44: Hoare triple {4521#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4521#true} is VALID [2022-02-20 18:04:15,391 INFO L290 TraceCheckUtils]: 45: Hoare triple {4521#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~0#1 := 0; {4547#(= |ULTIMATE.start_valid_product_~tmp~0#1| 0)} is VALID [2022-02-20 18:04:15,392 INFO L290 TraceCheckUtils]: 46: Hoare triple {4547#(= |ULTIMATE.start_valid_product_~tmp~0#1| 0)} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {4548#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 18:04:15,392 INFO L290 TraceCheckUtils]: 47: Hoare triple {4548#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {4549#(= |ULTIMATE.start_main_~tmp~26#1| 0)} is VALID [2022-02-20 18:04:15,393 INFO L290 TraceCheckUtils]: 48: Hoare triple {4549#(= |ULTIMATE.start_main_~tmp~26#1| 0)} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4522#false} is VALID [2022-02-20 18:04:15,393 INFO L290 TraceCheckUtils]: 49: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 18:04:15,393 INFO L272 TraceCheckUtils]: 50: Hoare triple {4522#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,393 INFO L290 TraceCheckUtils]: 51: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4521#true} is VALID [2022-02-20 18:04:15,394 INFO L272 TraceCheckUtils]: 52: Hoare triple {4521#true} call setClientId(~bob___0, ~bob___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,394 INFO L290 TraceCheckUtils]: 53: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,394 INFO L290 TraceCheckUtils]: 54: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,394 INFO L290 TraceCheckUtils]: 55: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,394 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4521#true} {4521#true} #1731#return; {4521#true} is VALID [2022-02-20 18:04:15,395 INFO L290 TraceCheckUtils]: 57: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,395 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4521#true} {4522#false} #1753#return; {4522#false} is VALID [2022-02-20 18:04:15,395 INFO L290 TraceCheckUtils]: 59: Hoare triple {4522#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4522#false} is VALID [2022-02-20 18:04:15,395 INFO L290 TraceCheckUtils]: 60: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 18:04:15,395 INFO L272 TraceCheckUtils]: 61: Hoare triple {4522#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,395 INFO L290 TraceCheckUtils]: 62: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4521#true} is VALID [2022-02-20 18:04:15,396 INFO L272 TraceCheckUtils]: 63: Hoare triple {4521#true} call setClientId(~rjh___0, ~rjh___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,396 INFO L290 TraceCheckUtils]: 64: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,396 INFO L290 TraceCheckUtils]: 65: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,397 INFO L290 TraceCheckUtils]: 66: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,397 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4521#true} {4521#true} #1683#return; {4521#true} is VALID [2022-02-20 18:04:15,397 INFO L290 TraceCheckUtils]: 68: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,397 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4521#true} {4522#false} #1759#return; {4522#false} is VALID [2022-02-20 18:04:15,397 INFO L290 TraceCheckUtils]: 70: Hoare triple {4522#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4522#false} is VALID [2022-02-20 18:04:15,397 INFO L290 TraceCheckUtils]: 71: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 18:04:15,398 INFO L272 TraceCheckUtils]: 72: Hoare triple {4522#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,398 INFO L290 TraceCheckUtils]: 73: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4521#true} is VALID [2022-02-20 18:04:15,398 INFO L272 TraceCheckUtils]: 74: Hoare triple {4521#true} call setClientId(~chuck___0, ~chuck___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:15,399 INFO L290 TraceCheckUtils]: 75: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,399 INFO L290 TraceCheckUtils]: 76: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,399 INFO L290 TraceCheckUtils]: 77: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,399 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4521#true} {4521#true} #1625#return; {4521#true} is VALID [2022-02-20 18:04:15,399 INFO L290 TraceCheckUtils]: 79: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,399 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4521#true} {4522#false} #1765#return; {4522#false} is VALID [2022-02-20 18:04:15,399 INFO L290 TraceCheckUtils]: 81: Hoare triple {4522#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {4522#false} is VALID [2022-02-20 18:04:15,399 INFO L290 TraceCheckUtils]: 82: Hoare triple {4522#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4522#false} is VALID [2022-02-20 18:04:15,400 INFO L290 TraceCheckUtils]: 83: Hoare triple {4522#false} assume !false; {4522#false} is VALID [2022-02-20 18:04:15,400 INFO L290 TraceCheckUtils]: 84: Hoare triple {4522#false} assume !(test_~splverifierCounter~0#1 < 4); {4522#false} is VALID [2022-02-20 18:04:15,400 INFO L290 TraceCheckUtils]: 85: Hoare triple {4522#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {4522#false} is VALID [2022-02-20 18:04:15,400 INFO L272 TraceCheckUtils]: 86: Hoare triple {4522#false} call sendEmail(~bob~0, ~rjh~0); {4522#false} is VALID [2022-02-20 18:04:15,400 INFO L290 TraceCheckUtils]: 87: Hoare triple {4522#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4522#false} is VALID [2022-02-20 18:04:15,400 INFO L272 TraceCheckUtils]: 88: Hoare triple {4522#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:15,401 INFO L290 TraceCheckUtils]: 89: Hoare triple {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,401 INFO L290 TraceCheckUtils]: 90: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,401 INFO L290 TraceCheckUtils]: 91: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,401 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4521#true} {4522#false} #1647#return; {4522#false} is VALID [2022-02-20 18:04:15,401 INFO L272 TraceCheckUtils]: 93: Hoare triple {4522#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4604#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:15,401 INFO L290 TraceCheckUtils]: 94: Hoare triple {4604#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,401 INFO L290 TraceCheckUtils]: 95: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,402 INFO L290 TraceCheckUtils]: 96: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,402 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4521#true} {4522#false} #1649#return; {4522#false} is VALID [2022-02-20 18:04:15,402 INFO L290 TraceCheckUtils]: 98: Hoare triple {4522#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {4522#false} is VALID [2022-02-20 18:04:15,402 INFO L290 TraceCheckUtils]: 99: Hoare triple {4522#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {4522#false} is VALID [2022-02-20 18:04:15,402 INFO L272 TraceCheckUtils]: 100: Hoare triple {4522#false} call outgoing(~sender#1, ~email~0#1); {4522#false} is VALID [2022-02-20 18:04:15,402 INFO L290 TraceCheckUtils]: 101: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 18:04:15,402 INFO L290 TraceCheckUtils]: 102: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4522#false} is VALID [2022-02-20 18:04:15,403 INFO L272 TraceCheckUtils]: 103: Hoare triple {4522#false} call outgoing__before__Sign(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 18:04:15,403 INFO L290 TraceCheckUtils]: 104: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 18:04:15,403 INFO L290 TraceCheckUtils]: 105: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4522#false} is VALID [2022-02-20 18:04:15,403 INFO L272 TraceCheckUtils]: 106: Hoare triple {4522#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 18:04:15,403 INFO L290 TraceCheckUtils]: 107: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 18:04:15,403 INFO L290 TraceCheckUtils]: 108: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4522#false} is VALID [2022-02-20 18:04:15,403 INFO L272 TraceCheckUtils]: 109: Hoare triple {4522#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 18:04:15,404 INFO L290 TraceCheckUtils]: 110: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {4522#false} is VALID [2022-02-20 18:04:15,404 INFO L290 TraceCheckUtils]: 111: Hoare triple {4522#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {4522#false} is VALID [2022-02-20 18:04:15,404 INFO L290 TraceCheckUtils]: 112: Hoare triple {4522#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {4522#false} is VALID [2022-02-20 18:04:15,404 INFO L272 TraceCheckUtils]: 113: Hoare triple {4522#false} call setEmailFrom(~msg#1, ~tmp~14#1); {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:15,404 INFO L290 TraceCheckUtils]: 114: Hoare triple {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:04:15,404 INFO L290 TraceCheckUtils]: 115: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 18:04:15,404 INFO L290 TraceCheckUtils]: 116: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,405 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4521#true} {4522#false} #1659#return; {4522#false} is VALID [2022-02-20 18:04:15,405 INFO L290 TraceCheckUtils]: 118: Hoare triple {4522#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {4522#false} is VALID [2022-02-20 18:04:15,405 INFO L290 TraceCheckUtils]: 119: Hoare triple {4522#false} assume 0 != ~in_encrypted~0; {4522#false} is VALID [2022-02-20 18:04:15,405 INFO L272 TraceCheckUtils]: 120: Hoare triple {4522#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {4521#true} is VALID [2022-02-20 18:04:15,405 INFO L290 TraceCheckUtils]: 121: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~29; {4521#true} is VALID [2022-02-20 18:04:15,405 INFO L290 TraceCheckUtils]: 122: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {4521#true} is VALID [2022-02-20 18:04:15,405 INFO L290 TraceCheckUtils]: 123: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:04:15,406 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {4521#true} {4522#false} #1661#return; {4522#false} is VALID [2022-02-20 18:04:15,406 INFO L290 TraceCheckUtils]: 125: Hoare triple {4522#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {4522#false} is VALID [2022-02-20 18:04:15,406 INFO L290 TraceCheckUtils]: 126: Hoare triple {4522#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {4522#false} is VALID [2022-02-20 18:04:15,406 INFO L290 TraceCheckUtils]: 127: Hoare triple {4522#false} assume !false; {4522#false} is VALID [2022-02-20 18:04:15,406 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:04:15,407 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:15,407 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [319769775] [2022-02-20 18:04:15,407 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [319769775] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:15,407 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:15,407 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:04:15,407 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [396302107] [2022-02-20 18:04:15,408 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:15,409 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 128 [2022-02-20 18:04:15,409 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:15,409 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:15,488 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:15,489 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:04:15,489 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:15,489 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:04:15,489 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:04:15,490 INFO L87 Difference]: Start difference. First operand 597 states and 888 transitions. Second operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:23,808 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:23,808 INFO L93 Difference]: Finished difference Result 1300 states and 1960 transitions. [2022-02-20 18:04:23,808 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:04:23,809 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 128 [2022-02-20 18:04:23,809 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:23,810 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:23,845 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1960 transitions. [2022-02-20 18:04:23,845 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:23,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1960 transitions. [2022-02-20 18:04:23,871 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1960 transitions. [2022-02-20 18:04:25,541 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1960 edges. 1960 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:25,575 INFO L225 Difference]: With dead ends: 1300 [2022-02-20 18:04:25,575 INFO L226 Difference]: Without dead ends: 739 [2022-02-20 18:04:25,580 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:04:25,582 INFO L933 BasicCegarLoop]: 914 mSDtfsCounter, 1349 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2950 mSolverCounterSat, 636 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1355 SdHoareTripleChecker+Valid, 2388 SdHoareTripleChecker+Invalid, 3586 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 636 IncrementalHoareTripleChecker+Valid, 2950 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:25,582 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1355 Valid, 2388 Invalid, 3586 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [636 Valid, 2950 Invalid, 0 Unknown, 0 Unchecked, 3.9s Time] [2022-02-20 18:04:25,585 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 739 states. [2022-02-20 18:04:25,633 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 739 to 597. [2022-02-20 18:04:25,633 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:25,635 INFO L82 GeneralOperation]: Start isEquivalent. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:04:25,636 INFO L74 IsIncluded]: Start isIncluded. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:04:25,637 INFO L87 Difference]: Start difference. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:04:25,666 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:25,666 INFO L93 Difference]: Finished difference Result 739 states and 1121 transitions. [2022-02-20 18:04:25,667 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1121 transitions. [2022-02-20 18:04:25,670 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:25,670 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:25,671 INFO L74 IsIncluded]: Start isIncluded. First operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 739 states. [2022-02-20 18:04:25,672 INFO L87 Difference]: Start difference. First operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 739 states. [2022-02-20 18:04:25,699 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:25,699 INFO L93 Difference]: Finished difference Result 739 states and 1121 transitions. [2022-02-20 18:04:25,699 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1121 transitions. [2022-02-20 18:04:25,701 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:25,702 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:25,702 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:25,702 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:25,703 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:04:25,724 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 597 states to 597 states and 881 transitions. [2022-02-20 18:04:25,725 INFO L78 Accepts]: Start accepts. Automaton has 597 states and 881 transitions. Word has length 128 [2022-02-20 18:04:25,725 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:25,725 INFO L470 AbstractCegarLoop]: Abstraction has 597 states and 881 transitions. [2022-02-20 18:04:25,725 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:04:25,726 INFO L276 IsEmpty]: Start isEmpty. Operand 597 states and 881 transitions. [2022-02-20 18:04:25,728 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 134 [2022-02-20 18:04:25,728 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:25,729 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:25,729 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:04:25,729 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:25,730 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:25,730 INFO L85 PathProgramCache]: Analyzing trace with hash 123449077, now seen corresponding path program 1 times [2022-02-20 18:04:25,730 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:25,730 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [513917470] [2022-02-20 18:04:25,730 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:25,730 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:25,828 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,864 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:25,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,868 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,868 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,868 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8733#true} #1733#return; {8733#true} is VALID [2022-02-20 18:04:25,868 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:25,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,871 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,871 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,871 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8733#true} #1735#return; {8733#true} is VALID [2022-02-20 18:04:25,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:25,873 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,876 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,876 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,877 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1737#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,877 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:25,879 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,881 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,882 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1739#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,882 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:25,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,890 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1741#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,890 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:25,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,894 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1743#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,894 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:25,896 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,897 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,898 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1745#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,898 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:25,900 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,902 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,902 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,902 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1747#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:04:25,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,910 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:25,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,912 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,912 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,913 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,913 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8733#true} #1731#return; {8733#true} is VALID [2022-02-20 18:04:25,913 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8733#true} is VALID [2022-02-20 18:04:25,913 INFO L272 TraceCheckUtils]: 1: Hoare triple {8733#true} call setClientId(~bob___0, ~bob___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,914 INFO L290 TraceCheckUtils]: 2: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,914 INFO L290 TraceCheckUtils]: 3: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,914 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,914 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8733#true} {8733#true} #1731#return; {8733#true} is VALID [2022-02-20 18:04:25,914 INFO L290 TraceCheckUtils]: 6: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,914 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8733#true} {8734#false} #1753#return; {8734#false} is VALID [2022-02-20 18:04:25,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:04:25,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:25,921 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,923 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,923 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,923 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,923 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8733#true} #1683#return; {8733#true} is VALID [2022-02-20 18:04:25,924 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8733#true} is VALID [2022-02-20 18:04:25,924 INFO L272 TraceCheckUtils]: 1: Hoare triple {8733#true} call setClientId(~rjh___0, ~rjh___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,924 INFO L290 TraceCheckUtils]: 2: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,925 INFO L290 TraceCheckUtils]: 3: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,925 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,925 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8733#true} {8733#true} #1683#return; {8733#true} is VALID [2022-02-20 18:04:25,925 INFO L290 TraceCheckUtils]: 6: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,925 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8733#true} {8734#false} #1759#return; {8734#false} is VALID [2022-02-20 18:04:25,925 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:04:25,927 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,928 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:25,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,931 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,931 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,931 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,931 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8733#true} #1625#return; {8733#true} is VALID [2022-02-20 18:04:25,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8733#true} is VALID [2022-02-20 18:04:25,932 INFO L272 TraceCheckUtils]: 1: Hoare triple {8733#true} call setClientId(~chuck___0, ~chuck___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,932 INFO L290 TraceCheckUtils]: 2: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,933 INFO L290 TraceCheckUtils]: 3: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,933 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,933 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8733#true} {8733#true} #1625#return; {8733#true} is VALID [2022-02-20 18:04:25,933 INFO L290 TraceCheckUtils]: 6: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,933 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8733#true} {8734#false} #1765#return; {8734#false} is VALID [2022-02-20 18:04:25,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:04:25,938 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,939 INFO L290 TraceCheckUtils]: 0: Hoare triple {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,940 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,940 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,940 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8734#false} #1647#return; {8734#false} is VALID [2022-02-20 18:04:25,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:04:25,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {8814#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,947 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,947 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8734#false} #1649#return; {8734#false} is VALID [2022-02-20 18:04:25,947 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:04:25,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,949 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,949 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8734#false} #1659#return; {8734#false} is VALID [2022-02-20 18:04:25,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:04:25,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:25,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} ~handle := #in~handle;havoc ~retValue_acc~29; {8733#true} is VALID [2022-02-20 18:04:25,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {8733#true} is VALID [2022-02-20 18:04:25,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,969 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8734#false} #1661#return; {8734#false} is VALID [2022-02-20 18:04:25,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {8733#true} is VALID [2022-02-20 18:04:25,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8733#true} is VALID [2022-02-20 18:04:25,970 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {8733#true} is VALID [2022-02-20 18:04:25,970 INFO L272 TraceCheckUtils]: 3: Hoare triple {8733#true} call select_features_#t~ret5#1 := select_one(); {8733#true} is VALID [2022-02-20 18:04:25,970 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,970 INFO L290 TraceCheckUtils]: 5: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,971 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8733#true} {8733#true} #1733#return; {8733#true} is VALID [2022-02-20 18:04:25,971 INFO L290 TraceCheckUtils]: 7: Hoare triple {8733#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {8733#true} is VALID [2022-02-20 18:04:25,971 INFO L272 TraceCheckUtils]: 8: Hoare triple {8733#true} call select_features_#t~ret6#1 := select_one(); {8733#true} is VALID [2022-02-20 18:04:25,971 INFO L290 TraceCheckUtils]: 9: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,971 INFO L290 TraceCheckUtils]: 10: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,971 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8733#true} {8733#true} #1735#return; {8733#true} is VALID [2022-02-20 18:04:25,972 INFO L290 TraceCheckUtils]: 12: Hoare triple {8733#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,972 INFO L272 TraceCheckUtils]: 13: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret7#1 := select_one(); {8733#true} is VALID [2022-02-20 18:04:25,972 INFO L290 TraceCheckUtils]: 14: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,972 INFO L290 TraceCheckUtils]: 15: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,972 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1737#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,973 INFO L290 TraceCheckUtils]: 17: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,973 INFO L272 TraceCheckUtils]: 18: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret8#1 := select_one(); {8733#true} is VALID [2022-02-20 18:04:25,973 INFO L290 TraceCheckUtils]: 19: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,973 INFO L290 TraceCheckUtils]: 20: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,974 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1739#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,979 INFO L290 TraceCheckUtils]: 22: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,979 INFO L272 TraceCheckUtils]: 23: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret9#1 := select_one(); {8733#true} is VALID [2022-02-20 18:04:25,979 INFO L290 TraceCheckUtils]: 24: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,979 INFO L290 TraceCheckUtils]: 25: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,980 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1741#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,980 INFO L290 TraceCheckUtils]: 27: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,980 INFO L272 TraceCheckUtils]: 28: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret10#1 := select_one(); {8733#true} is VALID [2022-02-20 18:04:25,980 INFO L290 TraceCheckUtils]: 29: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,980 INFO L290 TraceCheckUtils]: 30: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,981 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1743#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,981 INFO L290 TraceCheckUtils]: 32: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,981 INFO L272 TraceCheckUtils]: 33: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret11#1 := select_one(); {8733#true} is VALID [2022-02-20 18:04:25,981 INFO L290 TraceCheckUtils]: 34: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,982 INFO L290 TraceCheckUtils]: 35: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,982 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1745#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,982 INFO L290 TraceCheckUtils]: 37: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,982 INFO L272 TraceCheckUtils]: 38: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret12#1 := select_one(); {8733#true} is VALID [2022-02-20 18:04:25,983 INFO L290 TraceCheckUtils]: 39: Hoare triple {8733#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {8733#true} is VALID [2022-02-20 18:04:25,983 INFO L290 TraceCheckUtils]: 40: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,983 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1747#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,983 INFO L290 TraceCheckUtils]: 42: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,984 INFO L290 TraceCheckUtils]: 43: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:04:25,984 INFO L290 TraceCheckUtils]: 44: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8734#false} is VALID [2022-02-20 18:04:25,984 INFO L290 TraceCheckUtils]: 45: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8734#false} is VALID [2022-02-20 18:04:25,984 INFO L290 TraceCheckUtils]: 46: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8734#false} is VALID [2022-02-20 18:04:25,984 INFO L290 TraceCheckUtils]: 47: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8734#false} is VALID [2022-02-20 18:04:25,985 INFO L290 TraceCheckUtils]: 48: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8734#false} is VALID [2022-02-20 18:04:25,985 INFO L290 TraceCheckUtils]: 49: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8734#false} is VALID [2022-02-20 18:04:25,985 INFO L290 TraceCheckUtils]: 50: Hoare triple {8734#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {8734#false} is VALID [2022-02-20 18:04:25,985 INFO L290 TraceCheckUtils]: 51: Hoare triple {8734#false} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {8734#false} is VALID [2022-02-20 18:04:25,985 INFO L290 TraceCheckUtils]: 52: Hoare triple {8734#false} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {8734#false} is VALID [2022-02-20 18:04:25,985 INFO L290 TraceCheckUtils]: 53: Hoare triple {8734#false} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8734#false} is VALID [2022-02-20 18:04:25,985 INFO L290 TraceCheckUtils]: 54: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8734#false} is VALID [2022-02-20 18:04:25,985 INFO L272 TraceCheckUtils]: 55: Hoare triple {8734#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,986 INFO L290 TraceCheckUtils]: 56: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8733#true} is VALID [2022-02-20 18:04:25,986 INFO L272 TraceCheckUtils]: 57: Hoare triple {8733#true} call setClientId(~bob___0, ~bob___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,986 INFO L290 TraceCheckUtils]: 58: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,986 INFO L290 TraceCheckUtils]: 59: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,987 INFO L290 TraceCheckUtils]: 60: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,987 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8733#true} {8733#true} #1731#return; {8733#true} is VALID [2022-02-20 18:04:25,987 INFO L290 TraceCheckUtils]: 62: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,987 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8733#true} {8734#false} #1753#return; {8734#false} is VALID [2022-02-20 18:04:25,987 INFO L290 TraceCheckUtils]: 64: Hoare triple {8734#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8734#false} is VALID [2022-02-20 18:04:25,987 INFO L290 TraceCheckUtils]: 65: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8734#false} is VALID [2022-02-20 18:04:25,987 INFO L272 TraceCheckUtils]: 66: Hoare triple {8734#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,987 INFO L290 TraceCheckUtils]: 67: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8733#true} is VALID [2022-02-20 18:04:25,988 INFO L272 TraceCheckUtils]: 68: Hoare triple {8733#true} call setClientId(~rjh___0, ~rjh___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,988 INFO L290 TraceCheckUtils]: 69: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,988 INFO L290 TraceCheckUtils]: 70: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,988 INFO L290 TraceCheckUtils]: 71: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,988 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8733#true} {8733#true} #1683#return; {8733#true} is VALID [2022-02-20 18:04:25,988 INFO L290 TraceCheckUtils]: 73: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,989 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8733#true} {8734#false} #1759#return; {8734#false} is VALID [2022-02-20 18:04:25,989 INFO L290 TraceCheckUtils]: 75: Hoare triple {8734#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8734#false} is VALID [2022-02-20 18:04:25,989 INFO L290 TraceCheckUtils]: 76: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8734#false} is VALID [2022-02-20 18:04:25,989 INFO L272 TraceCheckUtils]: 77: Hoare triple {8734#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,989 INFO L290 TraceCheckUtils]: 78: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8733#true} is VALID [2022-02-20 18:04:25,990 INFO L272 TraceCheckUtils]: 79: Hoare triple {8733#true} call setClientId(~chuck___0, ~chuck___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:25,990 INFO L290 TraceCheckUtils]: 80: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,990 INFO L290 TraceCheckUtils]: 81: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,990 INFO L290 TraceCheckUtils]: 82: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,990 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8733#true} {8733#true} #1625#return; {8733#true} is VALID [2022-02-20 18:04:25,990 INFO L290 TraceCheckUtils]: 84: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,990 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8733#true} {8734#false} #1765#return; {8734#false} is VALID [2022-02-20 18:04:25,991 INFO L290 TraceCheckUtils]: 86: Hoare triple {8734#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {8734#false} is VALID [2022-02-20 18:04:25,991 INFO L290 TraceCheckUtils]: 87: Hoare triple {8734#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8734#false} is VALID [2022-02-20 18:04:25,991 INFO L290 TraceCheckUtils]: 88: Hoare triple {8734#false} assume !false; {8734#false} is VALID [2022-02-20 18:04:25,991 INFO L290 TraceCheckUtils]: 89: Hoare triple {8734#false} assume !(test_~splverifierCounter~0#1 < 4); {8734#false} is VALID [2022-02-20 18:04:25,991 INFO L290 TraceCheckUtils]: 90: Hoare triple {8734#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {8734#false} is VALID [2022-02-20 18:04:25,991 INFO L272 TraceCheckUtils]: 91: Hoare triple {8734#false} call sendEmail(~bob~0, ~rjh~0); {8734#false} is VALID [2022-02-20 18:04:25,991 INFO L290 TraceCheckUtils]: 92: Hoare triple {8734#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8734#false} is VALID [2022-02-20 18:04:25,991 INFO L272 TraceCheckUtils]: 93: Hoare triple {8734#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:25,991 INFO L290 TraceCheckUtils]: 94: Hoare triple {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,992 INFO L290 TraceCheckUtils]: 95: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,992 INFO L290 TraceCheckUtils]: 96: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,992 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8733#true} {8734#false} #1647#return; {8734#false} is VALID [2022-02-20 18:04:25,992 INFO L272 TraceCheckUtils]: 98: Hoare triple {8734#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8814#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:25,992 INFO L290 TraceCheckUtils]: 99: Hoare triple {8814#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,992 INFO L290 TraceCheckUtils]: 100: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,992 INFO L290 TraceCheckUtils]: 101: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,992 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8733#true} {8734#false} #1649#return; {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L290 TraceCheckUtils]: 103: Hoare triple {8734#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L290 TraceCheckUtils]: 104: Hoare triple {8734#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L272 TraceCheckUtils]: 105: Hoare triple {8734#false} call outgoing(~sender#1, ~email~0#1); {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L290 TraceCheckUtils]: 106: Hoare triple {8734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L290 TraceCheckUtils]: 107: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L272 TraceCheckUtils]: 108: Hoare triple {8734#false} call outgoing__before__Sign(~client#1, ~msg#1); {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L290 TraceCheckUtils]: 109: Hoare triple {8734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L290 TraceCheckUtils]: 110: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8734#false} is VALID [2022-02-20 18:04:25,993 INFO L272 TraceCheckUtils]: 111: Hoare triple {8734#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8734#false} is VALID [2022-02-20 18:04:25,994 INFO L290 TraceCheckUtils]: 112: Hoare triple {8734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8734#false} is VALID [2022-02-20 18:04:25,994 INFO L290 TraceCheckUtils]: 113: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8734#false} is VALID [2022-02-20 18:04:25,994 INFO L272 TraceCheckUtils]: 114: Hoare triple {8734#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8734#false} is VALID [2022-02-20 18:04:25,994 INFO L290 TraceCheckUtils]: 115: Hoare triple {8734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {8734#false} is VALID [2022-02-20 18:04:25,994 INFO L290 TraceCheckUtils]: 116: Hoare triple {8734#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {8734#false} is VALID [2022-02-20 18:04:25,994 INFO L290 TraceCheckUtils]: 117: Hoare triple {8734#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {8734#false} is VALID [2022-02-20 18:04:25,994 INFO L272 TraceCheckUtils]: 118: Hoare triple {8734#false} call setEmailFrom(~msg#1, ~tmp~14#1); {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:25,994 INFO L290 TraceCheckUtils]: 119: Hoare triple {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:04:25,995 INFO L290 TraceCheckUtils]: 120: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8733#true} is VALID [2022-02-20 18:04:25,995 INFO L290 TraceCheckUtils]: 121: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,995 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8733#true} {8734#false} #1659#return; {8734#false} is VALID [2022-02-20 18:04:25,995 INFO L290 TraceCheckUtils]: 123: Hoare triple {8734#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {8734#false} is VALID [2022-02-20 18:04:25,995 INFO L290 TraceCheckUtils]: 124: Hoare triple {8734#false} assume 0 != ~in_encrypted~0; {8734#false} is VALID [2022-02-20 18:04:25,995 INFO L272 TraceCheckUtils]: 125: Hoare triple {8734#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {8733#true} is VALID [2022-02-20 18:04:25,995 INFO L290 TraceCheckUtils]: 126: Hoare triple {8733#true} ~handle := #in~handle;havoc ~retValue_acc~29; {8733#true} is VALID [2022-02-20 18:04:25,995 INFO L290 TraceCheckUtils]: 127: Hoare triple {8733#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {8733#true} is VALID [2022-02-20 18:04:25,996 INFO L290 TraceCheckUtils]: 128: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:04:25,996 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {8733#true} {8734#false} #1661#return; {8734#false} is VALID [2022-02-20 18:04:25,996 INFO L290 TraceCheckUtils]: 130: Hoare triple {8734#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {8734#false} is VALID [2022-02-20 18:04:25,996 INFO L290 TraceCheckUtils]: 131: Hoare triple {8734#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {8734#false} is VALID [2022-02-20 18:04:25,996 INFO L290 TraceCheckUtils]: 132: Hoare triple {8734#false} assume !false; {8734#false} is VALID [2022-02-20 18:04:25,996 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:04:25,997 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:25,997 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [513917470] [2022-02-20 18:04:25,997 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [513917470] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:25,997 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:25,997 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:04:25,997 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [665573030] [2022-02-20 18:04:25,997 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:25,998 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) Word has length 133 [2022-02-20 18:04:25,998 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:25,998 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:04:26,104 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 110 edges. 110 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:26,105 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:04:26,105 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:26,105 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:04:26,105 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:04:26,106 INFO L87 Difference]: Start difference. First operand 597 states and 881 transitions. Second operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:04:30,754 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:30,754 INFO L93 Difference]: Finished difference Result 1310 states and 1992 transitions. [2022-02-20 18:04:30,754 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:04:30,755 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) Word has length 133 [2022-02-20 18:04:30,755 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:30,755 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:04:30,778 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1992 transitions. [2022-02-20 18:04:30,778 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:04:30,804 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1992 transitions. [2022-02-20 18:04:30,804 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1992 transitions. [2022-02-20 18:04:32,627 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1992 edges. 1992 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:32,685 INFO L225 Difference]: With dead ends: 1310 [2022-02-20 18:04:32,685 INFO L226 Difference]: Without dead ends: 738 [2022-02-20 18:04:32,688 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:32,694 INFO L933 BasicCegarLoop]: 884 mSDtfsCounter, 2064 mSDsluCounter, 662 mSDsCounter, 0 mSdLazyCounter, 527 mSolverCounterSat, 819 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2092 SdHoareTripleChecker+Valid, 1546 SdHoareTripleChecker+Invalid, 1346 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 819 IncrementalHoareTripleChecker+Valid, 527 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:32,695 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2092 Valid, 1546 Invalid, 1346 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [819 Valid, 527 Invalid, 0 Unknown, 0 Unchecked, 1.8s Time] [2022-02-20 18:04:32,696 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 738 states. [2022-02-20 18:04:32,761 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 738 to 596. [2022-02-20 18:04:32,761 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:32,765 INFO L82 GeneralOperation]: Start isEquivalent. First operand 738 states. Second operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:04:32,769 INFO L74 IsIncluded]: Start isIncluded. First operand 738 states. Second operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:04:32,775 INFO L87 Difference]: Start difference. First operand 738 states. Second operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:04:32,841 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:32,842 INFO L93 Difference]: Finished difference Result 738 states and 1108 transitions. [2022-02-20 18:04:32,842 INFO L276 IsEmpty]: Start isEmpty. Operand 738 states and 1108 transitions. [2022-02-20 18:04:32,844 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:32,844 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:32,846 INFO L74 IsIncluded]: Start isIncluded. First operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) Second operand 738 states. [2022-02-20 18:04:32,847 INFO L87 Difference]: Start difference. First operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) Second operand 738 states. [2022-02-20 18:04:32,909 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:32,909 INFO L93 Difference]: Finished difference Result 738 states and 1108 transitions. [2022-02-20 18:04:32,909 INFO L276 IsEmpty]: Start isEmpty. Operand 738 states and 1108 transitions. [2022-02-20 18:04:32,913 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:32,927 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:32,927 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:32,927 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:32,929 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:04:32,967 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 596 states to 596 states and 871 transitions. [2022-02-20 18:04:32,968 INFO L78 Accepts]: Start accepts. Automaton has 596 states and 871 transitions. Word has length 133 [2022-02-20 18:04:32,968 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:32,968 INFO L470 AbstractCegarLoop]: Abstraction has 596 states and 871 transitions. [2022-02-20 18:04:32,969 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:04:32,969 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 871 transitions. [2022-02-20 18:04:32,970 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 150 [2022-02-20 18:04:32,970 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:32,970 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:32,971 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:04:32,971 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:32,973 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:32,973 INFO L85 PathProgramCache]: Analyzing trace with hash 235987301, now seen corresponding path program 1 times [2022-02-20 18:04:32,974 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:32,974 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [388259692] [2022-02-20 18:04:32,974 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:32,974 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:33,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:33,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,119 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,119 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,119 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1733#return; {12952#true} is VALID [2022-02-20 18:04:33,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:33,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,131 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,132 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,132 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1735#return; {12952#true} is VALID [2022-02-20 18:04:33,132 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:33,134 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,137 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,137 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1737#return; {12952#true} is VALID [2022-02-20 18:04:33,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:33,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,142 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,142 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,142 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1739#return; {12952#true} is VALID [2022-02-20 18:04:33,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:33,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,146 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,146 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1741#return; {12952#true} is VALID [2022-02-20 18:04:33,146 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:33,148 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,164 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1743#return; {12952#true} is VALID [2022-02-20 18:04:33,165 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:33,167 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,171 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,171 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,171 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1745#return; {12952#true} is VALID [2022-02-20 18:04:33,172 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:33,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,176 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,176 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,176 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1747#return; {12952#true} is VALID [2022-02-20 18:04:33,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:04:33,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,200 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:33,202 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,204 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,204 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,205 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12952#true} #1731#return; {12952#true} is VALID [2022-02-20 18:04:33,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12952#true} is VALID [2022-02-20 18:04:33,206 INFO L272 TraceCheckUtils]: 1: Hoare triple {12952#true} call setClientId(~bob___0, ~bob___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,207 INFO L290 TraceCheckUtils]: 2: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,207 INFO L290 TraceCheckUtils]: 3: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,207 INFO L290 TraceCheckUtils]: 4: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,207 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12952#true} {12952#true} #1731#return; {12952#true} is VALID [2022-02-20 18:04:33,207 INFO L290 TraceCheckUtils]: 6: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,210 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12952#true} {12953#false} #1753#return; {12953#false} is VALID [2022-02-20 18:04:33,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:04:33,212 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:33,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,217 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,217 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,218 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,218 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12952#true} #1683#return; {12952#true} is VALID [2022-02-20 18:04:33,218 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12952#true} is VALID [2022-02-20 18:04:33,228 INFO L272 TraceCheckUtils]: 1: Hoare triple {12952#true} call setClientId(~rjh___0, ~rjh___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,228 INFO L290 TraceCheckUtils]: 2: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,228 INFO L290 TraceCheckUtils]: 3: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,228 INFO L290 TraceCheckUtils]: 4: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,228 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12952#true} {12952#true} #1683#return; {12952#true} is VALID [2022-02-20 18:04:33,228 INFO L290 TraceCheckUtils]: 6: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,228 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12952#true} {12953#false} #1759#return; {12953#false} is VALID [2022-02-20 18:04:33,228 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:04:33,230 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:33,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,235 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12952#true} #1625#return; {12952#true} is VALID [2022-02-20 18:04:33,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12952#true} is VALID [2022-02-20 18:04:33,237 INFO L272 TraceCheckUtils]: 1: Hoare triple {12952#true} call setClientId(~chuck___0, ~chuck___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,237 INFO L290 TraceCheckUtils]: 2: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,237 INFO L290 TraceCheckUtils]: 3: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,237 INFO L290 TraceCheckUtils]: 4: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,237 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12952#true} {12952#true} #1625#return; {12952#true} is VALID [2022-02-20 18:04:33,237 INFO L290 TraceCheckUtils]: 6: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,238 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12952#true} {12953#false} #1765#return; {12953#false} is VALID [2022-02-20 18:04:33,242 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:04:33,243 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,246 INFO L290 TraceCheckUtils]: 0: Hoare triple {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,247 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,247 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,247 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1647#return; {12953#false} is VALID [2022-02-20 18:04:33,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:04:33,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {13042#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,255 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,255 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,255 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1649#return; {12953#false} is VALID [2022-02-20 18:04:33,255 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:04:33,256 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,259 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12952#true} is VALID [2022-02-20 18:04:33,259 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12952#true} is VALID [2022-02-20 18:04:33,259 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,259 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1613#return; {12953#false} is VALID [2022-02-20 18:04:33,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:04:33,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:04:33,263 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle; {12952#true} is VALID [2022-02-20 18:04:33,264 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:04:33,264 INFO L290 TraceCheckUtils]: 3: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,264 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12952#true} {12953#false} #1615#return; {12953#false} is VALID [2022-02-20 18:04:33,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 18:04:33,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,274 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1659#return; {12953#false} is VALID [2022-02-20 18:04:33,274 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 18:04:33,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:33,277 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} ~handle := #in~handle;havoc ~retValue_acc~29; {12952#true} is VALID [2022-02-20 18:04:33,278 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {12952#true} is VALID [2022-02-20 18:04:33,278 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,278 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1661#return; {12953#false} is VALID [2022-02-20 18:04:33,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {12952#true} is VALID [2022-02-20 18:04:33,278 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {12952#true} is VALID [2022-02-20 18:04:33,278 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {12952#true} is VALID [2022-02-20 18:04:33,279 INFO L272 TraceCheckUtils]: 3: Hoare triple {12952#true} call select_features_#t~ret5#1 := select_one(); {12952#true} is VALID [2022-02-20 18:04:33,279 INFO L290 TraceCheckUtils]: 4: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,279 INFO L290 TraceCheckUtils]: 5: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,279 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12952#true} {12952#true} #1733#return; {12952#true} is VALID [2022-02-20 18:04:33,279 INFO L290 TraceCheckUtils]: 7: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {12952#true} is VALID [2022-02-20 18:04:33,279 INFO L272 TraceCheckUtils]: 8: Hoare triple {12952#true} call select_features_#t~ret6#1 := select_one(); {12952#true} is VALID [2022-02-20 18:04:33,280 INFO L290 TraceCheckUtils]: 9: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,280 INFO L290 TraceCheckUtils]: 10: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,280 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {12952#true} {12952#true} #1735#return; {12952#true} is VALID [2022-02-20 18:04:33,280 INFO L290 TraceCheckUtils]: 12: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {12952#true} is VALID [2022-02-20 18:04:33,280 INFO L272 TraceCheckUtils]: 13: Hoare triple {12952#true} call select_features_#t~ret7#1 := select_one(); {12952#true} is VALID [2022-02-20 18:04:33,280 INFO L290 TraceCheckUtils]: 14: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,280 INFO L290 TraceCheckUtils]: 15: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,280 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12952#true} {12952#true} #1737#return; {12952#true} is VALID [2022-02-20 18:04:33,281 INFO L290 TraceCheckUtils]: 17: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {12952#true} is VALID [2022-02-20 18:04:33,281 INFO L272 TraceCheckUtils]: 18: Hoare triple {12952#true} call select_features_#t~ret8#1 := select_one(); {12952#true} is VALID [2022-02-20 18:04:33,281 INFO L290 TraceCheckUtils]: 19: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,281 INFO L290 TraceCheckUtils]: 20: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,281 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12952#true} {12952#true} #1739#return; {12952#true} is VALID [2022-02-20 18:04:33,281 INFO L290 TraceCheckUtils]: 22: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {12952#true} is VALID [2022-02-20 18:04:33,281 INFO L272 TraceCheckUtils]: 23: Hoare triple {12952#true} call select_features_#t~ret9#1 := select_one(); {12952#true} is VALID [2022-02-20 18:04:33,281 INFO L290 TraceCheckUtils]: 24: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L290 TraceCheckUtils]: 25: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {12952#true} {12952#true} #1741#return; {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L290 TraceCheckUtils]: 27: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L272 TraceCheckUtils]: 28: Hoare triple {12952#true} call select_features_#t~ret10#1 := select_one(); {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L290 TraceCheckUtils]: 29: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L290 TraceCheckUtils]: 30: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {12952#true} {12952#true} #1743#return; {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L290 TraceCheckUtils]: 32: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {12952#true} is VALID [2022-02-20 18:04:33,282 INFO L272 TraceCheckUtils]: 33: Hoare triple {12952#true} call select_features_#t~ret11#1 := select_one(); {12952#true} is VALID [2022-02-20 18:04:33,283 INFO L290 TraceCheckUtils]: 34: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,293 INFO L290 TraceCheckUtils]: 35: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,303 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12952#true} {12952#true} #1745#return; {12952#true} is VALID [2022-02-20 18:04:33,303 INFO L290 TraceCheckUtils]: 37: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {12952#true} is VALID [2022-02-20 18:04:33,303 INFO L272 TraceCheckUtils]: 38: Hoare triple {12952#true} call select_features_#t~ret12#1 := select_one(); {12952#true} is VALID [2022-02-20 18:04:33,303 INFO L290 TraceCheckUtils]: 39: Hoare triple {12952#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {12952#true} is VALID [2022-02-20 18:04:33,303 INFO L290 TraceCheckUtils]: 40: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,304 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12952#true} {12952#true} #1747#return; {12952#true} is VALID [2022-02-20 18:04:33,304 INFO L290 TraceCheckUtils]: 42: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {12952#true} is VALID [2022-02-20 18:04:33,304 INFO L290 TraceCheckUtils]: 43: Hoare triple {12952#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {12952#true} is VALID [2022-02-20 18:04:33,304 INFO L290 TraceCheckUtils]: 44: Hoare triple {12952#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {12952#true} is VALID [2022-02-20 18:04:33,304 INFO L290 TraceCheckUtils]: 45: Hoare triple {12952#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {12978#(not (= ~__SELECTED_FEATURE_Decrypt~0 0))} is VALID [2022-02-20 18:04:33,305 INFO L290 TraceCheckUtils]: 46: Hoare triple {12978#(not (= ~__SELECTED_FEATURE_Decrypt~0 0))} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {12953#false} is VALID [2022-02-20 18:04:33,305 INFO L290 TraceCheckUtils]: 47: Hoare triple {12953#false} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {12953#false} is VALID [2022-02-20 18:04:33,305 INFO L290 TraceCheckUtils]: 48: Hoare triple {12953#false} assume 0 != ~__SELECTED_FEATURE_Keys~0; {12953#false} is VALID [2022-02-20 18:04:33,305 INFO L290 TraceCheckUtils]: 49: Hoare triple {12953#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12953#false} is VALID [2022-02-20 18:04:33,305 INFO L290 TraceCheckUtils]: 50: Hoare triple {12953#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {12953#false} is VALID [2022-02-20 18:04:33,305 INFO L290 TraceCheckUtils]: 51: Hoare triple {12953#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12953#false} is VALID [2022-02-20 18:04:33,305 INFO L290 TraceCheckUtils]: 52: Hoare triple {12953#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {12953#false} is VALID [2022-02-20 18:04:33,306 INFO L290 TraceCheckUtils]: 53: Hoare triple {12953#false} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12953#false} is VALID [2022-02-20 18:04:33,306 INFO L290 TraceCheckUtils]: 54: Hoare triple {12953#false} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {12953#false} is VALID [2022-02-20 18:04:33,306 INFO L290 TraceCheckUtils]: 55: Hoare triple {12953#false} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {12953#false} is VALID [2022-02-20 18:04:33,306 INFO L290 TraceCheckUtils]: 56: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12953#false} is VALID [2022-02-20 18:04:33,306 INFO L272 TraceCheckUtils]: 57: Hoare triple {12953#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,306 INFO L290 TraceCheckUtils]: 58: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12952#true} is VALID [2022-02-20 18:04:33,307 INFO L272 TraceCheckUtils]: 59: Hoare triple {12952#true} call setClientId(~bob___0, ~bob___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,307 INFO L290 TraceCheckUtils]: 60: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,307 INFO L290 TraceCheckUtils]: 61: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,307 INFO L290 TraceCheckUtils]: 62: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,307 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12952#true} {12952#true} #1731#return; {12952#true} is VALID [2022-02-20 18:04:33,307 INFO L290 TraceCheckUtils]: 64: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,308 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {12952#true} {12953#false} #1753#return; {12953#false} is VALID [2022-02-20 18:04:33,308 INFO L290 TraceCheckUtils]: 66: Hoare triple {12953#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {12953#false} is VALID [2022-02-20 18:04:33,308 INFO L290 TraceCheckUtils]: 67: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12953#false} is VALID [2022-02-20 18:04:33,308 INFO L272 TraceCheckUtils]: 68: Hoare triple {12953#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,308 INFO L290 TraceCheckUtils]: 69: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12952#true} is VALID [2022-02-20 18:04:33,309 INFO L272 TraceCheckUtils]: 70: Hoare triple {12952#true} call setClientId(~rjh___0, ~rjh___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,309 INFO L290 TraceCheckUtils]: 71: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,309 INFO L290 TraceCheckUtils]: 72: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,309 INFO L290 TraceCheckUtils]: 73: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,309 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12952#true} {12952#true} #1683#return; {12952#true} is VALID [2022-02-20 18:04:33,309 INFO L290 TraceCheckUtils]: 75: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,309 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {12952#true} {12953#false} #1759#return; {12953#false} is VALID [2022-02-20 18:04:33,310 INFO L290 TraceCheckUtils]: 77: Hoare triple {12953#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {12953#false} is VALID [2022-02-20 18:04:33,310 INFO L290 TraceCheckUtils]: 78: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12953#false} is VALID [2022-02-20 18:04:33,310 INFO L272 TraceCheckUtils]: 79: Hoare triple {12953#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,310 INFO L290 TraceCheckUtils]: 80: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12952#true} is VALID [2022-02-20 18:04:33,310 INFO L272 TraceCheckUtils]: 81: Hoare triple {12952#true} call setClientId(~chuck___0, ~chuck___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:33,311 INFO L290 TraceCheckUtils]: 82: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,311 INFO L290 TraceCheckUtils]: 83: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,311 INFO L290 TraceCheckUtils]: 84: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,311 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12952#true} {12952#true} #1625#return; {12952#true} is VALID [2022-02-20 18:04:33,311 INFO L290 TraceCheckUtils]: 86: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,311 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {12952#true} {12953#false} #1765#return; {12953#false} is VALID [2022-02-20 18:04:33,311 INFO L290 TraceCheckUtils]: 88: Hoare triple {12953#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {12953#false} is VALID [2022-02-20 18:04:33,311 INFO L290 TraceCheckUtils]: 89: Hoare triple {12953#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12953#false} is VALID [2022-02-20 18:04:33,312 INFO L290 TraceCheckUtils]: 90: Hoare triple {12953#false} assume !false; {12953#false} is VALID [2022-02-20 18:04:33,312 INFO L290 TraceCheckUtils]: 91: Hoare triple {12953#false} assume !(test_~splverifierCounter~0#1 < 4); {12953#false} is VALID [2022-02-20 18:04:33,312 INFO L290 TraceCheckUtils]: 92: Hoare triple {12953#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {12953#false} is VALID [2022-02-20 18:04:33,312 INFO L272 TraceCheckUtils]: 93: Hoare triple {12953#false} call sendEmail(~bob~0, ~rjh~0); {12953#false} is VALID [2022-02-20 18:04:33,312 INFO L290 TraceCheckUtils]: 94: Hoare triple {12953#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12953#false} is VALID [2022-02-20 18:04:33,312 INFO L272 TraceCheckUtils]: 95: Hoare triple {12953#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:33,312 INFO L290 TraceCheckUtils]: 96: Hoare triple {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,312 INFO L290 TraceCheckUtils]: 97: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,313 INFO L290 TraceCheckUtils]: 98: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,313 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {12952#true} {12953#false} #1647#return; {12953#false} is VALID [2022-02-20 18:04:33,313 INFO L272 TraceCheckUtils]: 100: Hoare triple {12953#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13042#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:33,313 INFO L290 TraceCheckUtils]: 101: Hoare triple {13042#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,313 INFO L290 TraceCheckUtils]: 102: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,313 INFO L290 TraceCheckUtils]: 103: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,313 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {12952#true} {12953#false} #1649#return; {12953#false} is VALID [2022-02-20 18:04:33,313 INFO L290 TraceCheckUtils]: 105: Hoare triple {12953#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {12953#false} is VALID [2022-02-20 18:04:33,317 INFO L290 TraceCheckUtils]: 106: Hoare triple {12953#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {12953#false} is VALID [2022-02-20 18:04:33,317 INFO L272 TraceCheckUtils]: 107: Hoare triple {12953#false} call outgoing(~sender#1, ~email~0#1); {12953#false} is VALID [2022-02-20 18:04:33,317 INFO L290 TraceCheckUtils]: 108: Hoare triple {12953#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12953#false} is VALID [2022-02-20 18:04:33,317 INFO L290 TraceCheckUtils]: 109: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {12953#false} is VALID [2022-02-20 18:04:33,317 INFO L272 TraceCheckUtils]: 110: Hoare triple {12953#false} call outgoing__before__Sign(~client#1, ~msg#1); {12953#false} is VALID [2022-02-20 18:04:33,317 INFO L290 TraceCheckUtils]: 111: Hoare triple {12953#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12953#false} is VALID [2022-02-20 18:04:33,317 INFO L290 TraceCheckUtils]: 112: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {12953#false} is VALID [2022-02-20 18:04:33,317 INFO L272 TraceCheckUtils]: 113: Hoare triple {12953#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {12953#false} is VALID [2022-02-20 18:04:33,318 INFO L290 TraceCheckUtils]: 114: Hoare triple {12953#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12953#false} is VALID [2022-02-20 18:04:33,318 INFO L290 TraceCheckUtils]: 115: Hoare triple {12953#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {12953#false} is VALID [2022-02-20 18:04:33,318 INFO L272 TraceCheckUtils]: 116: Hoare triple {12953#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {12952#true} is VALID [2022-02-20 18:04:33,318 INFO L290 TraceCheckUtils]: 117: Hoare triple {12952#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12952#true} is VALID [2022-02-20 18:04:33,318 INFO L290 TraceCheckUtils]: 118: Hoare triple {12952#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12952#true} is VALID [2022-02-20 18:04:33,318 INFO L290 TraceCheckUtils]: 119: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,318 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {12952#true} {12953#false} #1613#return; {12953#false} is VALID [2022-02-20 18:04:33,319 INFO L290 TraceCheckUtils]: 121: Hoare triple {12953#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {12953#false} is VALID [2022-02-20 18:04:33,319 INFO L272 TraceCheckUtils]: 122: Hoare triple {12953#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {12952#true} is VALID [2022-02-20 18:04:33,319 INFO L290 TraceCheckUtils]: 123: Hoare triple {12952#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:04:33,319 INFO L290 TraceCheckUtils]: 124: Hoare triple {12952#true} assume 1 == ~handle; {12952#true} is VALID [2022-02-20 18:04:33,319 INFO L290 TraceCheckUtils]: 125: Hoare triple {12952#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:04:33,319 INFO L290 TraceCheckUtils]: 126: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,319 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {12952#true} {12953#false} #1615#return; {12953#false} is VALID [2022-02-20 18:04:33,319 INFO L290 TraceCheckUtils]: 128: Hoare triple {12953#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {12953#false} is VALID [2022-02-20 18:04:33,320 INFO L290 TraceCheckUtils]: 129: Hoare triple {12953#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {12953#false} is VALID [2022-02-20 18:04:33,320 INFO L272 TraceCheckUtils]: 130: Hoare triple {12953#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {12953#false} is VALID [2022-02-20 18:04:33,320 INFO L290 TraceCheckUtils]: 131: Hoare triple {12953#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {12953#false} is VALID [2022-02-20 18:04:33,320 INFO L290 TraceCheckUtils]: 132: Hoare triple {12953#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {12953#false} is VALID [2022-02-20 18:04:33,320 INFO L290 TraceCheckUtils]: 133: Hoare triple {12953#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {12953#false} is VALID [2022-02-20 18:04:33,320 INFO L272 TraceCheckUtils]: 134: Hoare triple {12953#false} call setEmailFrom(~msg#1, ~tmp~14#1); {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:33,320 INFO L290 TraceCheckUtils]: 135: Hoare triple {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:04:33,320 INFO L290 TraceCheckUtils]: 136: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12952#true} is VALID [2022-02-20 18:04:33,321 INFO L290 TraceCheckUtils]: 137: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,321 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {12952#true} {12953#false} #1659#return; {12953#false} is VALID [2022-02-20 18:04:33,321 INFO L290 TraceCheckUtils]: 139: Hoare triple {12953#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {12953#false} is VALID [2022-02-20 18:04:33,321 INFO L290 TraceCheckUtils]: 140: Hoare triple {12953#false} assume 0 != ~in_encrypted~0; {12953#false} is VALID [2022-02-20 18:04:33,321 INFO L272 TraceCheckUtils]: 141: Hoare triple {12953#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {12952#true} is VALID [2022-02-20 18:04:33,321 INFO L290 TraceCheckUtils]: 142: Hoare triple {12952#true} ~handle := #in~handle;havoc ~retValue_acc~29; {12952#true} is VALID [2022-02-20 18:04:33,321 INFO L290 TraceCheckUtils]: 143: Hoare triple {12952#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {12952#true} is VALID [2022-02-20 18:04:33,321 INFO L290 TraceCheckUtils]: 144: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:04:33,322 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {12952#true} {12953#false} #1661#return; {12953#false} is VALID [2022-02-20 18:04:33,322 INFO L290 TraceCheckUtils]: 146: Hoare triple {12953#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {12953#false} is VALID [2022-02-20 18:04:33,322 INFO L290 TraceCheckUtils]: 147: Hoare triple {12953#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {12953#false} is VALID [2022-02-20 18:04:33,322 INFO L290 TraceCheckUtils]: 148: Hoare triple {12953#false} assume !false; {12953#false} is VALID [2022-02-20 18:04:33,322 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:04:33,322 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:33,323 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [388259692] [2022-02-20 18:04:33,323 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [388259692] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:33,323 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:33,323 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:04:33,323 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1991512626] [2022-02-20 18:04:33,323 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:33,324 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 149 [2022-02-20 18:04:33,324 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:33,324 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:33,409 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 126 edges. 126 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:33,410 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:04:33,410 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:33,411 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:04:33,411 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:04:33,411 INFO L87 Difference]: Start difference. First operand 596 states and 871 transitions. Second operand has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:38,092 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:38,092 INFO L93 Difference]: Finished difference Result 1302 states and 1952 transitions. [2022-02-20 18:04:38,092 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:04:38,092 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 149 [2022-02-20 18:04:38,094 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:38,094 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:38,114 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1950 transitions. [2022-02-20 18:04:38,115 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:38,133 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1950 transitions. [2022-02-20 18:04:38,134 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1950 transitions. [2022-02-20 18:04:39,650 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1950 edges. 1950 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:39,691 INFO L225 Difference]: With dead ends: 1302 [2022-02-20 18:04:39,691 INFO L226 Difference]: Without dead ends: 736 [2022-02-20 18:04:39,693 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:39,694 INFO L933 BasicCegarLoop]: 890 mSDtfsCounter, 2027 mSDsluCounter, 679 mSDsCounter, 0 mSdLazyCounter, 515 mSolverCounterSat, 806 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2055 SdHoareTripleChecker+Valid, 1569 SdHoareTripleChecker+Invalid, 1321 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 806 IncrementalHoareTripleChecker+Valid, 515 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:39,694 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2055 Valid, 1569 Invalid, 1321 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [806 Valid, 515 Invalid, 0 Unknown, 0 Unchecked, 1.8s Time] [2022-02-20 18:04:39,695 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 736 states. [2022-02-20 18:04:39,733 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 736 to 595. [2022-02-20 18:04:39,735 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:39,740 INFO L82 GeneralOperation]: Start isEquivalent. First operand 736 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:04:39,756 INFO L74 IsIncluded]: Start isIncluded. First operand 736 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:04:39,758 INFO L87 Difference]: Start difference. First operand 736 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:04:39,798 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:39,799 INFO L93 Difference]: Finished difference Result 736 states and 1099 transitions. [2022-02-20 18:04:39,799 INFO L276 IsEmpty]: Start isEmpty. Operand 736 states and 1099 transitions. [2022-02-20 18:04:39,801 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:39,801 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:39,803 INFO L74 IsIncluded]: Start isIncluded. First operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 736 states. [2022-02-20 18:04:39,821 INFO L87 Difference]: Start difference. First operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 736 states. [2022-02-20 18:04:39,861 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:39,862 INFO L93 Difference]: Finished difference Result 736 states and 1099 transitions. [2022-02-20 18:04:39,862 INFO L276 IsEmpty]: Start isEmpty. Operand 736 states and 1099 transitions. [2022-02-20 18:04:39,866 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:39,866 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:39,866 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:39,866 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:39,868 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:04:39,904 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 595 states to 595 states and 867 transitions. [2022-02-20 18:04:39,919 INFO L78 Accepts]: Start accepts. Automaton has 595 states and 867 transitions. Word has length 149 [2022-02-20 18:04:39,920 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:39,920 INFO L470 AbstractCegarLoop]: Abstraction has 595 states and 867 transitions. [2022-02-20 18:04:39,920 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:39,920 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 867 transitions. [2022-02-20 18:04:39,924 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 151 [2022-02-20 18:04:39,924 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:39,924 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:39,925 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:04:39,925 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:39,925 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:39,925 INFO L85 PathProgramCache]: Analyzing trace with hash -497393103, now seen corresponding path program 1 times [2022-02-20 18:04:39,925 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:39,926 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1008715784] [2022-02-20 18:04:39,926 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:39,926 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:39,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,001 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:40,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,010 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,010 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,010 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1733#return; {17160#true} is VALID [2022-02-20 18:04:40,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:40,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,017 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1735#return; {17160#true} is VALID [2022-02-20 18:04:40,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:40,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,023 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1737#return; {17160#true} is VALID [2022-02-20 18:04:40,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:40,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,030 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1739#return; {17160#true} is VALID [2022-02-20 18:04:40,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:40,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,034 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1741#return; {17160#true} is VALID [2022-02-20 18:04:40,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:40,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,041 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1743#return; {17160#true} is VALID [2022-02-20 18:04:40,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:40,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,047 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1745#return; {17160#true} is VALID [2022-02-20 18:04:40,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:40,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,053 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,053 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,053 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1747#return; {17160#true} is VALID [2022-02-20 18:04:40,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:40,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:40,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,067 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,067 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,068 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17160#true} #1731#return; {17160#true} is VALID [2022-02-20 18:04:40,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17160#true} is VALID [2022-02-20 18:04:40,069 INFO L272 TraceCheckUtils]: 1: Hoare triple {17160#true} call setClientId(~bob___0, ~bob___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,069 INFO L290 TraceCheckUtils]: 2: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,069 INFO L290 TraceCheckUtils]: 3: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,069 INFO L290 TraceCheckUtils]: 4: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,069 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17160#true} {17160#true} #1731#return; {17160#true} is VALID [2022-02-20 18:04:40,070 INFO L290 TraceCheckUtils]: 6: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,070 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17160#true} {17161#false} #1753#return; {17161#false} is VALID [2022-02-20 18:04:40,070 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:04:40,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:40,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,077 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,077 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,078 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17160#true} #1683#return; {17160#true} is VALID [2022-02-20 18:04:40,078 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17160#true} is VALID [2022-02-20 18:04:40,078 INFO L272 TraceCheckUtils]: 1: Hoare triple {17160#true} call setClientId(~rjh___0, ~rjh___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,079 INFO L290 TraceCheckUtils]: 2: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,079 INFO L290 TraceCheckUtils]: 3: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,079 INFO L290 TraceCheckUtils]: 4: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,079 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17160#true} {17160#true} #1683#return; {17160#true} is VALID [2022-02-20 18:04:40,079 INFO L290 TraceCheckUtils]: 6: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,079 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17160#true} {17161#false} #1759#return; {17161#false} is VALID [2022-02-20 18:04:40,079 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:04:40,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,084 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:40,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,086 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,087 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,087 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,087 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17160#true} #1625#return; {17160#true} is VALID [2022-02-20 18:04:40,087 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17160#true} is VALID [2022-02-20 18:04:40,088 INFO L272 TraceCheckUtils]: 1: Hoare triple {17160#true} call setClientId(~chuck___0, ~chuck___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,088 INFO L290 TraceCheckUtils]: 2: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,088 INFO L290 TraceCheckUtils]: 3: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,088 INFO L290 TraceCheckUtils]: 4: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,088 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17160#true} {17160#true} #1625#return; {17160#true} is VALID [2022-02-20 18:04:40,088 INFO L290 TraceCheckUtils]: 6: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,088 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17160#true} {17161#false} #1765#return; {17161#false} is VALID [2022-02-20 18:04:40,092 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:04:40,093 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,095 INFO L290 TraceCheckUtils]: 0: Hoare triple {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,095 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,095 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,095 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1647#return; {17161#false} is VALID [2022-02-20 18:04:40,099 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:04:40,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {17250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,102 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,102 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1649#return; {17161#false} is VALID [2022-02-20 18:04:40,102 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:04:40,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,104 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} ~handle := #in~handle;havoc ~retValue_acc~26; {17160#true} is VALID [2022-02-20 18:04:40,104 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {17160#true} is VALID [2022-02-20 18:04:40,104 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,104 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1613#return; {17161#false} is VALID [2022-02-20 18:04:40,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:04:40,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:04:40,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle; {17160#true} is VALID [2022-02-20 18:04:40,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:04:40,107 INFO L290 TraceCheckUtils]: 3: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,107 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17160#true} {17161#false} #1615#return; {17161#false} is VALID [2022-02-20 18:04:40,107 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:04:40,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,111 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,111 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,111 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1659#return; {17161#false} is VALID [2022-02-20 18:04:40,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 18:04:40,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:40,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} ~handle := #in~handle;havoc ~retValue_acc~29; {17160#true} is VALID [2022-02-20 18:04:40,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {17160#true} is VALID [2022-02-20 18:04:40,113 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,114 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1661#return; {17161#false} is VALID [2022-02-20 18:04:40,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {17160#true} is VALID [2022-02-20 18:04:40,114 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {17160#true} is VALID [2022-02-20 18:04:40,114 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {17160#true} is VALID [2022-02-20 18:04:40,114 INFO L272 TraceCheckUtils]: 3: Hoare triple {17160#true} call select_features_#t~ret5#1 := select_one(); {17160#true} is VALID [2022-02-20 18:04:40,114 INFO L290 TraceCheckUtils]: 4: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,114 INFO L290 TraceCheckUtils]: 5: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,114 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {17160#true} {17160#true} #1733#return; {17160#true} is VALID [2022-02-20 18:04:40,115 INFO L290 TraceCheckUtils]: 7: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {17160#true} is VALID [2022-02-20 18:04:40,115 INFO L272 TraceCheckUtils]: 8: Hoare triple {17160#true} call select_features_#t~ret6#1 := select_one(); {17160#true} is VALID [2022-02-20 18:04:40,115 INFO L290 TraceCheckUtils]: 9: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,115 INFO L290 TraceCheckUtils]: 10: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,115 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {17160#true} {17160#true} #1735#return; {17160#true} is VALID [2022-02-20 18:04:40,115 INFO L290 TraceCheckUtils]: 12: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {17160#true} is VALID [2022-02-20 18:04:40,115 INFO L272 TraceCheckUtils]: 13: Hoare triple {17160#true} call select_features_#t~ret7#1 := select_one(); {17160#true} is VALID [2022-02-20 18:04:40,115 INFO L290 TraceCheckUtils]: 14: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,116 INFO L290 TraceCheckUtils]: 15: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,116 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17160#true} {17160#true} #1737#return; {17160#true} is VALID [2022-02-20 18:04:40,116 INFO L290 TraceCheckUtils]: 17: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {17160#true} is VALID [2022-02-20 18:04:40,116 INFO L272 TraceCheckUtils]: 18: Hoare triple {17160#true} call select_features_#t~ret8#1 := select_one(); {17160#true} is VALID [2022-02-20 18:04:40,116 INFO L290 TraceCheckUtils]: 19: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,116 INFO L290 TraceCheckUtils]: 20: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,116 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {17160#true} {17160#true} #1739#return; {17160#true} is VALID [2022-02-20 18:04:40,116 INFO L290 TraceCheckUtils]: 22: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {17160#true} is VALID [2022-02-20 18:04:40,117 INFO L272 TraceCheckUtils]: 23: Hoare triple {17160#true} call select_features_#t~ret9#1 := select_one(); {17160#true} is VALID [2022-02-20 18:04:40,117 INFO L290 TraceCheckUtils]: 24: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,117 INFO L290 TraceCheckUtils]: 25: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,117 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {17160#true} {17160#true} #1741#return; {17160#true} is VALID [2022-02-20 18:04:40,117 INFO L290 TraceCheckUtils]: 27: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {17160#true} is VALID [2022-02-20 18:04:40,117 INFO L272 TraceCheckUtils]: 28: Hoare triple {17160#true} call select_features_#t~ret10#1 := select_one(); {17160#true} is VALID [2022-02-20 18:04:40,117 INFO L290 TraceCheckUtils]: 29: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,117 INFO L290 TraceCheckUtils]: 30: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {17160#true} {17160#true} #1743#return; {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L290 TraceCheckUtils]: 32: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L272 TraceCheckUtils]: 33: Hoare triple {17160#true} call select_features_#t~ret11#1 := select_one(); {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L290 TraceCheckUtils]: 34: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L290 TraceCheckUtils]: 35: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17160#true} {17160#true} #1745#return; {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L290 TraceCheckUtils]: 37: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L272 TraceCheckUtils]: 38: Hoare triple {17160#true} call select_features_#t~ret12#1 := select_one(); {17160#true} is VALID [2022-02-20 18:04:40,118 INFO L290 TraceCheckUtils]: 39: Hoare triple {17160#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {17160#true} is VALID [2022-02-20 18:04:40,119 INFO L290 TraceCheckUtils]: 40: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,119 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {17160#true} {17160#true} #1747#return; {17160#true} is VALID [2022-02-20 18:04:40,119 INFO L290 TraceCheckUtils]: 42: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {17160#true} is VALID [2022-02-20 18:04:40,119 INFO L290 TraceCheckUtils]: 43: Hoare triple {17160#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {17160#true} is VALID [2022-02-20 18:04:40,119 INFO L290 TraceCheckUtils]: 44: Hoare triple {17160#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {17160#true} is VALID [2022-02-20 18:04:40,119 INFO L290 TraceCheckUtils]: 45: Hoare triple {17160#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {17160#true} is VALID [2022-02-20 18:04:40,119 INFO L290 TraceCheckUtils]: 46: Hoare triple {17160#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {17160#true} is VALID [2022-02-20 18:04:40,119 INFO L290 TraceCheckUtils]: 47: Hoare triple {17160#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {17160#true} is VALID [2022-02-20 18:04:40,120 INFO L290 TraceCheckUtils]: 48: Hoare triple {17160#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {17160#true} is VALID [2022-02-20 18:04:40,120 INFO L290 TraceCheckUtils]: 49: Hoare triple {17160#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:04:40,120 INFO L290 TraceCheckUtils]: 50: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:04:40,120 INFO L290 TraceCheckUtils]: 51: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Verify~0; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:04:40,121 INFO L290 TraceCheckUtils]: 52: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:04:40,121 INFO L290 TraceCheckUtils]: 53: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:04:40,121 INFO L290 TraceCheckUtils]: 54: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:04:40,122 INFO L290 TraceCheckUtils]: 55: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:04:40,122 INFO L290 TraceCheckUtils]: 56: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:04:40,122 INFO L290 TraceCheckUtils]: 57: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17161#false} is VALID [2022-02-20 18:04:40,122 INFO L272 TraceCheckUtils]: 58: Hoare triple {17161#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,122 INFO L290 TraceCheckUtils]: 59: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17160#true} is VALID [2022-02-20 18:04:40,123 INFO L272 TraceCheckUtils]: 60: Hoare triple {17160#true} call setClientId(~bob___0, ~bob___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,123 INFO L290 TraceCheckUtils]: 61: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,123 INFO L290 TraceCheckUtils]: 62: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,123 INFO L290 TraceCheckUtils]: 63: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,124 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {17160#true} {17160#true} #1731#return; {17160#true} is VALID [2022-02-20 18:04:40,124 INFO L290 TraceCheckUtils]: 65: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,124 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {17160#true} {17161#false} #1753#return; {17161#false} is VALID [2022-02-20 18:04:40,124 INFO L290 TraceCheckUtils]: 67: Hoare triple {17161#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {17161#false} is VALID [2022-02-20 18:04:40,124 INFO L290 TraceCheckUtils]: 68: Hoare triple {17161#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17161#false} is VALID [2022-02-20 18:04:40,124 INFO L272 TraceCheckUtils]: 69: Hoare triple {17161#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,124 INFO L290 TraceCheckUtils]: 70: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17160#true} is VALID [2022-02-20 18:04:40,125 INFO L272 TraceCheckUtils]: 71: Hoare triple {17160#true} call setClientId(~rjh___0, ~rjh___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,125 INFO L290 TraceCheckUtils]: 72: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,125 INFO L290 TraceCheckUtils]: 73: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,125 INFO L290 TraceCheckUtils]: 74: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,125 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {17160#true} {17160#true} #1683#return; {17160#true} is VALID [2022-02-20 18:04:40,125 INFO L290 TraceCheckUtils]: 76: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,126 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {17160#true} {17161#false} #1759#return; {17161#false} is VALID [2022-02-20 18:04:40,126 INFO L290 TraceCheckUtils]: 78: Hoare triple {17161#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {17161#false} is VALID [2022-02-20 18:04:40,126 INFO L290 TraceCheckUtils]: 79: Hoare triple {17161#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17161#false} is VALID [2022-02-20 18:04:40,126 INFO L272 TraceCheckUtils]: 80: Hoare triple {17161#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,126 INFO L290 TraceCheckUtils]: 81: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17160#true} is VALID [2022-02-20 18:04:40,127 INFO L272 TraceCheckUtils]: 82: Hoare triple {17160#true} call setClientId(~chuck___0, ~chuck___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:40,127 INFO L290 TraceCheckUtils]: 83: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,127 INFO L290 TraceCheckUtils]: 84: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,127 INFO L290 TraceCheckUtils]: 85: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,127 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {17160#true} {17160#true} #1625#return; {17160#true} is VALID [2022-02-20 18:04:40,127 INFO L290 TraceCheckUtils]: 87: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,127 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {17160#true} {17161#false} #1765#return; {17161#false} is VALID [2022-02-20 18:04:40,128 INFO L290 TraceCheckUtils]: 89: Hoare triple {17161#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {17161#false} is VALID [2022-02-20 18:04:40,128 INFO L290 TraceCheckUtils]: 90: Hoare triple {17161#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17161#false} is VALID [2022-02-20 18:04:40,128 INFO L290 TraceCheckUtils]: 91: Hoare triple {17161#false} assume !false; {17161#false} is VALID [2022-02-20 18:04:40,128 INFO L290 TraceCheckUtils]: 92: Hoare triple {17161#false} assume !(test_~splverifierCounter~0#1 < 4); {17161#false} is VALID [2022-02-20 18:04:40,128 INFO L290 TraceCheckUtils]: 93: Hoare triple {17161#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {17161#false} is VALID [2022-02-20 18:04:40,128 INFO L272 TraceCheckUtils]: 94: Hoare triple {17161#false} call sendEmail(~bob~0, ~rjh~0); {17161#false} is VALID [2022-02-20 18:04:40,128 INFO L290 TraceCheckUtils]: 95: Hoare triple {17161#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17161#false} is VALID [2022-02-20 18:04:40,137 INFO L272 TraceCheckUtils]: 96: Hoare triple {17161#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:40,138 INFO L290 TraceCheckUtils]: 97: Hoare triple {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,138 INFO L290 TraceCheckUtils]: 98: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,138 INFO L290 TraceCheckUtils]: 99: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,138 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {17160#true} {17161#false} #1647#return; {17161#false} is VALID [2022-02-20 18:04:40,138 INFO L272 TraceCheckUtils]: 101: Hoare triple {17161#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:40,138 INFO L290 TraceCheckUtils]: 102: Hoare triple {17250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,138 INFO L290 TraceCheckUtils]: 103: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,138 INFO L290 TraceCheckUtils]: 104: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,139 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {17160#true} {17161#false} #1649#return; {17161#false} is VALID [2022-02-20 18:04:40,139 INFO L290 TraceCheckUtils]: 106: Hoare triple {17161#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {17161#false} is VALID [2022-02-20 18:04:40,139 INFO L290 TraceCheckUtils]: 107: Hoare triple {17161#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {17161#false} is VALID [2022-02-20 18:04:40,139 INFO L272 TraceCheckUtils]: 108: Hoare triple {17161#false} call outgoing(~sender#1, ~email~0#1); {17161#false} is VALID [2022-02-20 18:04:40,139 INFO L290 TraceCheckUtils]: 109: Hoare triple {17161#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17161#false} is VALID [2022-02-20 18:04:40,139 INFO L290 TraceCheckUtils]: 110: Hoare triple {17161#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {17161#false} is VALID [2022-02-20 18:04:40,139 INFO L272 TraceCheckUtils]: 111: Hoare triple {17161#false} call outgoing__before__Sign(~client#1, ~msg#1); {17161#false} is VALID [2022-02-20 18:04:40,139 INFO L290 TraceCheckUtils]: 112: Hoare triple {17161#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17161#false} is VALID [2022-02-20 18:04:40,140 INFO L290 TraceCheckUtils]: 113: Hoare triple {17161#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {17161#false} is VALID [2022-02-20 18:04:40,140 INFO L272 TraceCheckUtils]: 114: Hoare triple {17161#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {17161#false} is VALID [2022-02-20 18:04:40,140 INFO L290 TraceCheckUtils]: 115: Hoare triple {17161#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17161#false} is VALID [2022-02-20 18:04:40,140 INFO L290 TraceCheckUtils]: 116: Hoare triple {17161#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {17161#false} is VALID [2022-02-20 18:04:40,140 INFO L272 TraceCheckUtils]: 117: Hoare triple {17161#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {17160#true} is VALID [2022-02-20 18:04:40,140 INFO L290 TraceCheckUtils]: 118: Hoare triple {17160#true} ~handle := #in~handle;havoc ~retValue_acc~26; {17160#true} is VALID [2022-02-20 18:04:40,140 INFO L290 TraceCheckUtils]: 119: Hoare triple {17160#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {17160#true} is VALID [2022-02-20 18:04:40,140 INFO L290 TraceCheckUtils]: 120: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,140 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {17160#true} {17161#false} #1613#return; {17161#false} is VALID [2022-02-20 18:04:40,141 INFO L290 TraceCheckUtils]: 122: Hoare triple {17161#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {17161#false} is VALID [2022-02-20 18:04:40,141 INFO L272 TraceCheckUtils]: 123: Hoare triple {17161#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {17160#true} is VALID [2022-02-20 18:04:40,141 INFO L290 TraceCheckUtils]: 124: Hoare triple {17160#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:04:40,141 INFO L290 TraceCheckUtils]: 125: Hoare triple {17160#true} assume 1 == ~handle; {17160#true} is VALID [2022-02-20 18:04:40,141 INFO L290 TraceCheckUtils]: 126: Hoare triple {17160#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:04:40,141 INFO L290 TraceCheckUtils]: 127: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,141 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {17160#true} {17161#false} #1615#return; {17161#false} is VALID [2022-02-20 18:04:40,141 INFO L290 TraceCheckUtils]: 129: Hoare triple {17161#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {17161#false} is VALID [2022-02-20 18:04:40,142 INFO L290 TraceCheckUtils]: 130: Hoare triple {17161#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {17161#false} is VALID [2022-02-20 18:04:40,142 INFO L272 TraceCheckUtils]: 131: Hoare triple {17161#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {17161#false} is VALID [2022-02-20 18:04:40,142 INFO L290 TraceCheckUtils]: 132: Hoare triple {17161#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {17161#false} is VALID [2022-02-20 18:04:40,142 INFO L290 TraceCheckUtils]: 133: Hoare triple {17161#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {17161#false} is VALID [2022-02-20 18:04:40,142 INFO L290 TraceCheckUtils]: 134: Hoare triple {17161#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {17161#false} is VALID [2022-02-20 18:04:40,142 INFO L272 TraceCheckUtils]: 135: Hoare triple {17161#false} call setEmailFrom(~msg#1, ~tmp~14#1); {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:40,142 INFO L290 TraceCheckUtils]: 136: Hoare triple {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:04:40,142 INFO L290 TraceCheckUtils]: 137: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17160#true} is VALID [2022-02-20 18:04:40,143 INFO L290 TraceCheckUtils]: 138: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,143 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {17160#true} {17161#false} #1659#return; {17161#false} is VALID [2022-02-20 18:04:40,143 INFO L290 TraceCheckUtils]: 140: Hoare triple {17161#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {17161#false} is VALID [2022-02-20 18:04:40,143 INFO L290 TraceCheckUtils]: 141: Hoare triple {17161#false} assume 0 != ~in_encrypted~0; {17161#false} is VALID [2022-02-20 18:04:40,143 INFO L272 TraceCheckUtils]: 142: Hoare triple {17161#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {17160#true} is VALID [2022-02-20 18:04:40,143 INFO L290 TraceCheckUtils]: 143: Hoare triple {17160#true} ~handle := #in~handle;havoc ~retValue_acc~29; {17160#true} is VALID [2022-02-20 18:04:40,143 INFO L290 TraceCheckUtils]: 144: Hoare triple {17160#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {17160#true} is VALID [2022-02-20 18:04:40,143 INFO L290 TraceCheckUtils]: 145: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:04:40,144 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {17160#true} {17161#false} #1661#return; {17161#false} is VALID [2022-02-20 18:04:40,144 INFO L290 TraceCheckUtils]: 147: Hoare triple {17161#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {17161#false} is VALID [2022-02-20 18:04:40,144 INFO L290 TraceCheckUtils]: 148: Hoare triple {17161#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {17161#false} is VALID [2022-02-20 18:04:40,144 INFO L290 TraceCheckUtils]: 149: Hoare triple {17161#false} assume !false; {17161#false} is VALID [2022-02-20 18:04:40,144 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:04:40,144 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:40,145 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1008715784] [2022-02-20 18:04:40,145 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1008715784] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:40,145 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:40,145 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:04:40,145 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [207007221] [2022-02-20 18:04:40,146 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:40,147 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 150 [2022-02-20 18:04:40,147 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:40,148 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:40,233 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 127 edges. 127 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:40,234 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:04:40,234 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:40,234 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:04:40,235 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:04:40,235 INFO L87 Difference]: Start difference. First operand 595 states and 867 transitions. Second operand has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:44,149 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:44,149 INFO L93 Difference]: Finished difference Result 1282 states and 1899 transitions. [2022-02-20 18:04:44,163 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:04:44,163 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 150 [2022-02-20 18:04:44,164 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:44,165 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:44,211 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1897 transitions. [2022-02-20 18:04:44,212 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:44,227 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1897 transitions. [2022-02-20 18:04:44,228 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1897 transitions. [2022-02-20 18:04:45,189 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1897 edges. 1897 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:45,214 INFO L225 Difference]: With dead ends: 1282 [2022-02-20 18:04:45,214 INFO L226 Difference]: Without dead ends: 733 [2022-02-20 18:04:45,215 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:45,216 INFO L933 BasicCegarLoop]: 864 mSDtfsCounter, 2021 mSDsluCounter, 617 mSDsCounter, 0 mSdLazyCounter, 526 mSolverCounterSat, 827 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2045 SdHoareTripleChecker+Valid, 1481 SdHoareTripleChecker+Invalid, 1353 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 827 IncrementalHoareTripleChecker+Valid, 526 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:45,216 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2045 Valid, 1481 Invalid, 1353 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [827 Valid, 526 Invalid, 0 Unknown, 0 Unchecked, 1.4s Time] [2022-02-20 18:04:45,217 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 733 states. [2022-02-20 18:04:45,234 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 733 to 592. [2022-02-20 18:04:45,234 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:45,236 INFO L82 GeneralOperation]: Start isEquivalent. First operand 733 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:04:45,237 INFO L74 IsIncluded]: Start isIncluded. First operand 733 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:04:45,238 INFO L87 Difference]: Start difference. First operand 733 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:04:45,258 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:45,259 INFO L93 Difference]: Finished difference Result 733 states and 1079 transitions. [2022-02-20 18:04:45,259 INFO L276 IsEmpty]: Start isEmpty. Operand 733 states and 1079 transitions. [2022-02-20 18:04:45,261 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:45,261 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:45,262 INFO L74 IsIncluded]: Start isIncluded. First operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 733 states. [2022-02-20 18:04:45,263 INFO L87 Difference]: Start difference. First operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 733 states. [2022-02-20 18:04:45,284 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:45,285 INFO L93 Difference]: Finished difference Result 733 states and 1079 transitions. [2022-02-20 18:04:45,285 INFO L276 IsEmpty]: Start isEmpty. Operand 733 states and 1079 transitions. [2022-02-20 18:04:45,286 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:45,287 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:45,287 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:45,287 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:45,288 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:04:45,307 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 592 states to 592 states and 850 transitions. [2022-02-20 18:04:45,307 INFO L78 Accepts]: Start accepts. Automaton has 592 states and 850 transitions. Word has length 150 [2022-02-20 18:04:45,307 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:45,307 INFO L470 AbstractCegarLoop]: Abstraction has 592 states and 850 transitions. [2022-02-20 18:04:45,308 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:04:45,308 INFO L276 IsEmpty]: Start isEmpty. Operand 592 states and 850 transitions. [2022-02-20 18:04:45,310 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 176 [2022-02-20 18:04:45,310 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:45,310 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:45,310 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:04:45,310 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:45,310 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:45,311 INFO L85 PathProgramCache]: Analyzing trace with hash -608262645, now seen corresponding path program 1 times [2022-02-20 18:04:45,311 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:45,311 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [522452762] [2022-02-20 18:04:45,311 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:45,311 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:45,344 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,382 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:45,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,386 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,386 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1733#return; {21323#true} is VALID [2022-02-20 18:04:45,386 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:45,388 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,392 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,393 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,393 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1735#return; {21323#true} is VALID [2022-02-20 18:04:45,393 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:45,394 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,395 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,395 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,396 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1737#return; {21323#true} is VALID [2022-02-20 18:04:45,396 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:45,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,398 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,398 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1739#return; {21323#true} is VALID [2022-02-20 18:04:45,398 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:45,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,401 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,401 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,401 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1741#return; {21323#true} is VALID [2022-02-20 18:04:45,401 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:45,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,404 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,404 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,405 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1743#return; {21323#true} is VALID [2022-02-20 18:04:45,405 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:45,406 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,407 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,407 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,408 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1745#return; {21323#true} is VALID [2022-02-20 18:04:45,408 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:45,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,410 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,410 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,410 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1747#return; {21323#true} is VALID [2022-02-20 18:04:45,414 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:45,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,417 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:45,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,418 INFO L290 TraceCheckUtils]: 0: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,419 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,419 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21323#true} #1731#return; {21323#true} is VALID [2022-02-20 18:04:45,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21323#true} is VALID [2022-02-20 18:04:45,420 INFO L272 TraceCheckUtils]: 1: Hoare triple {21323#true} call setClientId(~bob___0, ~bob___0); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,420 INFO L290 TraceCheckUtils]: 2: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,420 INFO L290 TraceCheckUtils]: 3: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,420 INFO L290 TraceCheckUtils]: 4: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,420 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21323#true} {21323#true} #1731#return; {21323#true} is VALID [2022-02-20 18:04:45,420 INFO L290 TraceCheckUtils]: 6: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,420 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21323#true} {21323#true} #1749#return; {21323#true} is VALID [2022-02-20 18:04:45,426 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:04:45,427 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,429 INFO L290 TraceCheckUtils]: 0: Hoare triple {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,429 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,429 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,429 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21323#true} #1751#return; {21323#true} is VALID [2022-02-20 18:04:45,429 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:04:45,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:45,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21428#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:45,462 INFO L290 TraceCheckUtils]: 1: Hoare triple {21428#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21429#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:45,462 INFO L290 TraceCheckUtils]: 2: Hoare triple {21429#(= |setClientId_#in~handle| 1)} assume true; {21429#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:45,462 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21429#(= |setClientId_#in~handle| 1)} {21422#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:45,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21422#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:45,463 INFO L272 TraceCheckUtils]: 1: Hoare triple {21422#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,464 INFO L290 TraceCheckUtils]: 2: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21428#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:45,464 INFO L290 TraceCheckUtils]: 3: Hoare triple {21428#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21429#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:45,464 INFO L290 TraceCheckUtils]: 4: Hoare triple {21429#(= |setClientId_#in~handle| 1)} assume true; {21429#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:45,465 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21429#(= |setClientId_#in~handle| 1)} {21422#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:45,465 INFO L290 TraceCheckUtils]: 6: Hoare triple {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:45,465 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21362#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {21324#false} is VALID [2022-02-20 18:04:45,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:04:45,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,468 INFO L290 TraceCheckUtils]: 0: Hoare triple {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,468 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,469 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,469 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1757#return; {21324#false} is VALID [2022-02-20 18:04:45,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:04:45,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:45,473 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,475 INFO L290 TraceCheckUtils]: 0: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,475 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,475 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,475 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21323#true} #1625#return; {21323#true} is VALID [2022-02-20 18:04:45,476 INFO L290 TraceCheckUtils]: 0: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21323#true} is VALID [2022-02-20 18:04:45,476 INFO L272 TraceCheckUtils]: 1: Hoare triple {21323#true} call setClientId(~chuck___0, ~chuck___0); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,476 INFO L290 TraceCheckUtils]: 3: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,476 INFO L290 TraceCheckUtils]: 4: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,477 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21323#true} {21323#true} #1625#return; {21323#true} is VALID [2022-02-20 18:04:45,477 INFO L290 TraceCheckUtils]: 6: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,477 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21323#true} {21324#false} #1761#return; {21324#false} is VALID [2022-02-20 18:04:45,477 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:04:45,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,480 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,480 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,480 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1763#return; {21324#false} is VALID [2022-02-20 18:04:45,487 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:04:45,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,489 INFO L290 TraceCheckUtils]: 0: Hoare triple {21434#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,489 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,490 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1647#return; {21324#false} is VALID [2022-02-20 18:04:45,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:04:45,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {21435#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,500 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1649#return; {21324#false} is VALID [2022-02-20 18:04:45,500 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 18:04:45,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,502 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21323#true} is VALID [2022-02-20 18:04:45,503 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~9; {21323#true} is VALID [2022-02-20 18:04:45,503 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,503 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1627#return; {21324#false} is VALID [2022-02-20 18:04:45,503 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 18:04:45,504 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~26; {21323#true} is VALID [2022-02-20 18:04:45,505 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {21323#true} is VALID [2022-02-20 18:04:45,505 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,505 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1613#return; {21324#false} is VALID [2022-02-20 18:04:45,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 148 [2022-02-20 18:04:45,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,508 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:04:45,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle; {21323#true} is VALID [2022-02-20 18:04:45,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:04:45,508 INFO L290 TraceCheckUtils]: 3: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,508 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21323#true} {21324#false} #1615#return; {21324#false} is VALID [2022-02-20 18:04:45,508 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-02-20 18:04:45,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,511 INFO L290 TraceCheckUtils]: 0: Hoare triple {21434#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,511 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,511 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,514 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1659#return; {21324#false} is VALID [2022-02-20 18:04:45,514 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 167 [2022-02-20 18:04:45,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~29; {21323#true} is VALID [2022-02-20 18:04:45,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {21323#true} is VALID [2022-02-20 18:04:45,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,518 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1661#return; {21324#false} is VALID [2022-02-20 18:04:45,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {21323#true} is VALID [2022-02-20 18:04:45,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21323#true} is VALID [2022-02-20 18:04:45,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {21323#true} is VALID [2022-02-20 18:04:45,519 INFO L272 TraceCheckUtils]: 3: Hoare triple {21323#true} call select_features_#t~ret5#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:45,519 INFO L290 TraceCheckUtils]: 4: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,519 INFO L290 TraceCheckUtils]: 5: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,519 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21323#true} {21323#true} #1733#return; {21323#true} is VALID [2022-02-20 18:04:45,519 INFO L290 TraceCheckUtils]: 7: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {21323#true} is VALID [2022-02-20 18:04:45,519 INFO L272 TraceCheckUtils]: 8: Hoare triple {21323#true} call select_features_#t~ret6#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:45,519 INFO L290 TraceCheckUtils]: 9: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,519 INFO L290 TraceCheckUtils]: 10: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,520 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21323#true} {21323#true} #1735#return; {21323#true} is VALID [2022-02-20 18:04:45,520 INFO L290 TraceCheckUtils]: 12: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {21323#true} is VALID [2022-02-20 18:04:45,520 INFO L272 TraceCheckUtils]: 13: Hoare triple {21323#true} call select_features_#t~ret7#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:45,520 INFO L290 TraceCheckUtils]: 14: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,520 INFO L290 TraceCheckUtils]: 15: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,520 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21323#true} {21323#true} #1737#return; {21323#true} is VALID [2022-02-20 18:04:45,520 INFO L290 TraceCheckUtils]: 17: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {21323#true} is VALID [2022-02-20 18:04:45,520 INFO L272 TraceCheckUtils]: 18: Hoare triple {21323#true} call select_features_#t~ret8#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L290 TraceCheckUtils]: 19: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L290 TraceCheckUtils]: 20: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21323#true} {21323#true} #1739#return; {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L290 TraceCheckUtils]: 22: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L272 TraceCheckUtils]: 23: Hoare triple {21323#true} call select_features_#t~ret9#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L290 TraceCheckUtils]: 24: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L290 TraceCheckUtils]: 25: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21323#true} {21323#true} #1741#return; {21323#true} is VALID [2022-02-20 18:04:45,521 INFO L290 TraceCheckUtils]: 27: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {21323#true} is VALID [2022-02-20 18:04:45,522 INFO L272 TraceCheckUtils]: 28: Hoare triple {21323#true} call select_features_#t~ret10#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:45,522 INFO L290 TraceCheckUtils]: 29: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,522 INFO L290 TraceCheckUtils]: 30: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,522 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21323#true} {21323#true} #1743#return; {21323#true} is VALID [2022-02-20 18:04:45,522 INFO L290 TraceCheckUtils]: 32: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {21323#true} is VALID [2022-02-20 18:04:45,522 INFO L272 TraceCheckUtils]: 33: Hoare triple {21323#true} call select_features_#t~ret11#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:45,522 INFO L290 TraceCheckUtils]: 34: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,522 INFO L290 TraceCheckUtils]: 35: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21323#true} {21323#true} #1745#return; {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L290 TraceCheckUtils]: 37: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L272 TraceCheckUtils]: 38: Hoare triple {21323#true} call select_features_#t~ret12#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L290 TraceCheckUtils]: 39: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L290 TraceCheckUtils]: 40: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21323#true} {21323#true} #1747#return; {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L290 TraceCheckUtils]: 42: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L290 TraceCheckUtils]: 43: Hoare triple {21323#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {21323#true} is VALID [2022-02-20 18:04:45,523 INFO L290 TraceCheckUtils]: 44: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21323#true} is VALID [2022-02-20 18:04:45,524 INFO L290 TraceCheckUtils]: 45: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {21323#true} is VALID [2022-02-20 18:04:45,524 INFO L290 TraceCheckUtils]: 46: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {21323#true} is VALID [2022-02-20 18:04:45,524 INFO L290 TraceCheckUtils]: 47: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {21323#true} is VALID [2022-02-20 18:04:45,524 INFO L290 TraceCheckUtils]: 48: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21323#true} is VALID [2022-02-20 18:04:45,524 INFO L290 TraceCheckUtils]: 49: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21323#true} is VALID [2022-02-20 18:04:45,524 INFO L290 TraceCheckUtils]: 50: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21323#true} is VALID [2022-02-20 18:04:45,524 INFO L290 TraceCheckUtils]: 51: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {21323#true} is VALID [2022-02-20 18:04:45,524 INFO L290 TraceCheckUtils]: 52: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21323#true} is VALID [2022-02-20 18:04:45,525 INFO L290 TraceCheckUtils]: 53: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {21323#true} is VALID [2022-02-20 18:04:45,525 INFO L290 TraceCheckUtils]: 54: Hoare triple {21323#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {21323#true} is VALID [2022-02-20 18:04:45,525 INFO L290 TraceCheckUtils]: 55: Hoare triple {21323#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {21323#true} is VALID [2022-02-20 18:04:45,525 INFO L290 TraceCheckUtils]: 56: Hoare triple {21323#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21323#true} is VALID [2022-02-20 18:04:45,525 INFO L290 TraceCheckUtils]: 57: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21323#true} is VALID [2022-02-20 18:04:45,526 INFO L272 TraceCheckUtils]: 58: Hoare triple {21323#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,526 INFO L290 TraceCheckUtils]: 59: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21323#true} is VALID [2022-02-20 18:04:45,526 INFO L272 TraceCheckUtils]: 60: Hoare triple {21323#true} call setClientId(~bob___0, ~bob___0); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,526 INFO L290 TraceCheckUtils]: 61: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,526 INFO L290 TraceCheckUtils]: 62: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,527 INFO L290 TraceCheckUtils]: 63: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,527 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21323#true} {21323#true} #1731#return; {21323#true} is VALID [2022-02-20 18:04:45,527 INFO L290 TraceCheckUtils]: 65: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,527 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21323#true} {21323#true} #1749#return; {21323#true} is VALID [2022-02-20 18:04:45,527 INFO L272 TraceCheckUtils]: 67: Hoare triple {21323#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:45,527 INFO L290 TraceCheckUtils]: 68: Hoare triple {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,528 INFO L290 TraceCheckUtils]: 69: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,528 INFO L290 TraceCheckUtils]: 70: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,528 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21323#true} {21323#true} #1751#return; {21323#true} is VALID [2022-02-20 18:04:45,528 INFO L290 TraceCheckUtils]: 72: Hoare triple {21323#true} assume { :end_inline_setup_bob__role__Keys } true; {21323#true} is VALID [2022-02-20 18:04:45,528 INFO L290 TraceCheckUtils]: 73: Hoare triple {21323#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21361#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:45,529 INFO L290 TraceCheckUtils]: 74: Hoare triple {21361#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21362#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:45,529 INFO L272 TraceCheckUtils]: 75: Hoare triple {21362#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,530 INFO L290 TraceCheckUtils]: 76: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21422#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:45,530 INFO L272 TraceCheckUtils]: 77: Hoare triple {21422#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,530 INFO L290 TraceCheckUtils]: 78: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21428#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:45,531 INFO L290 TraceCheckUtils]: 79: Hoare triple {21428#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21429#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:45,531 INFO L290 TraceCheckUtils]: 80: Hoare triple {21429#(= |setClientId_#in~handle| 1)} assume true; {21429#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:45,531 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21429#(= |setClientId_#in~handle| 1)} {21422#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:45,532 INFO L290 TraceCheckUtils]: 82: Hoare triple {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:45,532 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21427#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21362#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {21324#false} is VALID [2022-02-20 18:04:45,532 INFO L272 TraceCheckUtils]: 84: Hoare triple {21324#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:45,532 INFO L290 TraceCheckUtils]: 85: Hoare triple {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,532 INFO L290 TraceCheckUtils]: 86: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,532 INFO L290 TraceCheckUtils]: 87: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,533 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21323#true} {21324#false} #1757#return; {21324#false} is VALID [2022-02-20 18:04:45,533 INFO L290 TraceCheckUtils]: 89: Hoare triple {21324#false} assume { :end_inline_setup_rjh__role__Keys } true; {21324#false} is VALID [2022-02-20 18:04:45,533 INFO L290 TraceCheckUtils]: 90: Hoare triple {21324#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21324#false} is VALID [2022-02-20 18:04:45,533 INFO L290 TraceCheckUtils]: 91: Hoare triple {21324#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21324#false} is VALID [2022-02-20 18:04:45,533 INFO L272 TraceCheckUtils]: 92: Hoare triple {21324#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,533 INFO L290 TraceCheckUtils]: 93: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21323#true} is VALID [2022-02-20 18:04:45,534 INFO L272 TraceCheckUtils]: 94: Hoare triple {21323#true} call setClientId(~chuck___0, ~chuck___0); {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:45,534 INFO L290 TraceCheckUtils]: 95: Hoare triple {21416#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,534 INFO L290 TraceCheckUtils]: 96: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,534 INFO L290 TraceCheckUtils]: 97: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,534 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21323#true} {21323#true} #1625#return; {21323#true} is VALID [2022-02-20 18:04:45,534 INFO L290 TraceCheckUtils]: 99: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,534 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21323#true} {21324#false} #1761#return; {21324#false} is VALID [2022-02-20 18:04:45,535 INFO L272 TraceCheckUtils]: 101: Hoare triple {21324#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:45,535 INFO L290 TraceCheckUtils]: 102: Hoare triple {21421#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,535 INFO L290 TraceCheckUtils]: 103: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,535 INFO L290 TraceCheckUtils]: 104: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,535 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21323#true} {21324#false} #1763#return; {21324#false} is VALID [2022-02-20 18:04:45,535 INFO L290 TraceCheckUtils]: 106: Hoare triple {21324#false} assume { :end_inline_setup_chuck__role__Keys } true; {21324#false} is VALID [2022-02-20 18:04:45,535 INFO L290 TraceCheckUtils]: 107: Hoare triple {21324#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {21324#false} is VALID [2022-02-20 18:04:45,535 INFO L290 TraceCheckUtils]: 108: Hoare triple {21324#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21324#false} is VALID [2022-02-20 18:04:45,536 INFO L290 TraceCheckUtils]: 109: Hoare triple {21324#false} assume !false; {21324#false} is VALID [2022-02-20 18:04:45,536 INFO L290 TraceCheckUtils]: 110: Hoare triple {21324#false} assume !(test_~splverifierCounter~0#1 < 4); {21324#false} is VALID [2022-02-20 18:04:45,536 INFO L290 TraceCheckUtils]: 111: Hoare triple {21324#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {21324#false} is VALID [2022-02-20 18:04:45,536 INFO L272 TraceCheckUtils]: 112: Hoare triple {21324#false} call sendEmail(~bob~0, ~rjh~0); {21324#false} is VALID [2022-02-20 18:04:45,536 INFO L290 TraceCheckUtils]: 113: Hoare triple {21324#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21324#false} is VALID [2022-02-20 18:04:45,536 INFO L272 TraceCheckUtils]: 114: Hoare triple {21324#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21434#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:45,536 INFO L290 TraceCheckUtils]: 115: Hoare triple {21434#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,536 INFO L290 TraceCheckUtils]: 116: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,537 INFO L290 TraceCheckUtils]: 117: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,537 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21323#true} {21324#false} #1647#return; {21324#false} is VALID [2022-02-20 18:04:45,537 INFO L272 TraceCheckUtils]: 119: Hoare triple {21324#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21435#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:45,537 INFO L290 TraceCheckUtils]: 120: Hoare triple {21435#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,537 INFO L290 TraceCheckUtils]: 121: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,537 INFO L290 TraceCheckUtils]: 122: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,537 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21323#true} {21324#false} #1649#return; {21324#false} is VALID [2022-02-20 18:04:45,537 INFO L290 TraceCheckUtils]: 124: Hoare triple {21324#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {21324#false} is VALID [2022-02-20 18:04:45,537 INFO L290 TraceCheckUtils]: 125: Hoare triple {21324#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {21324#false} is VALID [2022-02-20 18:04:45,538 INFO L272 TraceCheckUtils]: 126: Hoare triple {21324#false} call outgoing(~sender#1, ~email~0#1); {21324#false} is VALID [2022-02-20 18:04:45,538 INFO L290 TraceCheckUtils]: 127: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:04:45,538 INFO L290 TraceCheckUtils]: 128: Hoare triple {21324#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {21324#false} is VALID [2022-02-20 18:04:45,538 INFO L272 TraceCheckUtils]: 129: Hoare triple {21324#false} call outgoing__before__Sign(~client#1, ~msg#1); {21324#false} is VALID [2022-02-20 18:04:45,538 INFO L290 TraceCheckUtils]: 130: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:04:45,538 INFO L290 TraceCheckUtils]: 131: Hoare triple {21324#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret83#1, outgoing__role__AddressBook_#t~ret84#1, outgoing__role__AddressBook_#t~ret85#1, outgoing__role__AddressBook_#t~ret86#1, outgoing__role__AddressBook_#t~ret87#1, outgoing__role__AddressBook_#t~ret88#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~16#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~16#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {21324#false} is VALID [2022-02-20 18:04:45,538 INFO L272 TraceCheckUtils]: 132: Hoare triple {21324#false} call outgoing__role__AddressBook_#t~ret83#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {21323#true} is VALID [2022-02-20 18:04:45,538 INFO L290 TraceCheckUtils]: 133: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21323#true} is VALID [2022-02-20 18:04:45,539 INFO L290 TraceCheckUtils]: 134: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~9; {21323#true} is VALID [2022-02-20 18:04:45,539 INFO L290 TraceCheckUtils]: 135: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,539 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {21323#true} {21324#false} #1627#return; {21324#false} is VALID [2022-02-20 18:04:45,539 INFO L290 TraceCheckUtils]: 137: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret83#1 && outgoing__role__AddressBook_#t~ret83#1 <= 2147483647;outgoing__role__AddressBook_~tmp~16#1 := outgoing__role__AddressBook_#t~ret83#1;havoc outgoing__role__AddressBook_#t~ret83#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~16#1; {21324#false} is VALID [2022-02-20 18:04:45,539 INFO L290 TraceCheckUtils]: 138: Hoare triple {21324#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {21324#false} is VALID [2022-02-20 18:04:45,539 INFO L272 TraceCheckUtils]: 139: Hoare triple {21324#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {21324#false} is VALID [2022-02-20 18:04:45,539 INFO L290 TraceCheckUtils]: 140: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:04:45,539 INFO L290 TraceCheckUtils]: 141: Hoare triple {21324#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {21324#false} is VALID [2022-02-20 18:04:45,540 INFO L272 TraceCheckUtils]: 142: Hoare triple {21324#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {21323#true} is VALID [2022-02-20 18:04:45,540 INFO L290 TraceCheckUtils]: 143: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~26; {21323#true} is VALID [2022-02-20 18:04:45,540 INFO L290 TraceCheckUtils]: 144: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {21323#true} is VALID [2022-02-20 18:04:45,540 INFO L290 TraceCheckUtils]: 145: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,540 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {21323#true} {21324#false} #1613#return; {21324#false} is VALID [2022-02-20 18:04:45,540 INFO L290 TraceCheckUtils]: 147: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {21324#false} is VALID [2022-02-20 18:04:45,540 INFO L272 TraceCheckUtils]: 148: Hoare triple {21324#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {21323#true} is VALID [2022-02-20 18:04:45,540 INFO L290 TraceCheckUtils]: 149: Hoare triple {21323#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:04:45,541 INFO L290 TraceCheckUtils]: 150: Hoare triple {21323#true} assume 1 == ~handle; {21323#true} is VALID [2022-02-20 18:04:45,541 INFO L290 TraceCheckUtils]: 151: Hoare triple {21323#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:04:45,541 INFO L290 TraceCheckUtils]: 152: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,541 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {21323#true} {21324#false} #1615#return; {21324#false} is VALID [2022-02-20 18:04:45,541 INFO L290 TraceCheckUtils]: 154: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {21324#false} is VALID [2022-02-20 18:04:45,541 INFO L290 TraceCheckUtils]: 155: Hoare triple {21324#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {21324#false} is VALID [2022-02-20 18:04:45,541 INFO L272 TraceCheckUtils]: 156: Hoare triple {21324#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {21324#false} is VALID [2022-02-20 18:04:45,541 INFO L290 TraceCheckUtils]: 157: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {21324#false} is VALID [2022-02-20 18:04:45,541 INFO L290 TraceCheckUtils]: 158: Hoare triple {21324#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {21324#false} is VALID [2022-02-20 18:04:45,542 INFO L290 TraceCheckUtils]: 159: Hoare triple {21324#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {21324#false} is VALID [2022-02-20 18:04:45,542 INFO L272 TraceCheckUtils]: 160: Hoare triple {21324#false} call setEmailFrom(~msg#1, ~tmp~14#1); {21434#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:45,542 INFO L290 TraceCheckUtils]: 161: Hoare triple {21434#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:45,542 INFO L290 TraceCheckUtils]: 162: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:45,542 INFO L290 TraceCheckUtils]: 163: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,542 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21323#true} {21324#false} #1659#return; {21324#false} is VALID [2022-02-20 18:04:45,542 INFO L290 TraceCheckUtils]: 165: Hoare triple {21324#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {21324#false} is VALID [2022-02-20 18:04:45,542 INFO L290 TraceCheckUtils]: 166: Hoare triple {21324#false} assume 0 != ~in_encrypted~0; {21324#false} is VALID [2022-02-20 18:04:45,543 INFO L272 TraceCheckUtils]: 167: Hoare triple {21324#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {21323#true} is VALID [2022-02-20 18:04:45,543 INFO L290 TraceCheckUtils]: 168: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~29; {21323#true} is VALID [2022-02-20 18:04:45,543 INFO L290 TraceCheckUtils]: 169: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {21323#true} is VALID [2022-02-20 18:04:45,543 INFO L290 TraceCheckUtils]: 170: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:45,543 INFO L284 TraceCheckUtils]: 171: Hoare quadruple {21323#true} {21324#false} #1661#return; {21324#false} is VALID [2022-02-20 18:04:45,543 INFO L290 TraceCheckUtils]: 172: Hoare triple {21324#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {21324#false} is VALID [2022-02-20 18:04:45,543 INFO L290 TraceCheckUtils]: 173: Hoare triple {21324#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {21324#false} is VALID [2022-02-20 18:04:45,543 INFO L290 TraceCheckUtils]: 174: Hoare triple {21324#false} assume !false; {21324#false} is VALID [2022-02-20 18:04:45,544 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2022-02-20 18:04:45,544 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:45,544 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [522452762] [2022-02-20 18:04:45,544 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [522452762] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:45,544 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [262660399] [2022-02-20 18:04:45,545 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:45,545 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:45,545 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:45,546 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:45,548 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:04:45,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,816 INFO L263 TraceCheckSpWp]: Trace formula consists of 1481 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:04:45,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:45,894 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:04:46,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L272 TraceCheckUtils]: 3: Hoare triple {21323#true} call select_features_#t~ret5#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L290 TraceCheckUtils]: 4: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L290 TraceCheckUtils]: 5: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21323#true} {21323#true} #1733#return; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L290 TraceCheckUtils]: 7: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L272 TraceCheckUtils]: 8: Hoare triple {21323#true} call select_features_#t~ret6#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L290 TraceCheckUtils]: 9: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L290 TraceCheckUtils]: 10: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21323#true} {21323#true} #1735#return; {21323#true} is VALID [2022-02-20 18:04:46,335 INFO L290 TraceCheckUtils]: 12: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L272 TraceCheckUtils]: 13: Hoare triple {21323#true} call select_features_#t~ret7#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 14: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 15: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21323#true} {21323#true} #1737#return; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 17: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L272 TraceCheckUtils]: 18: Hoare triple {21323#true} call select_features_#t~ret8#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 19: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 20: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21323#true} {21323#true} #1739#return; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 22: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L272 TraceCheckUtils]: 23: Hoare triple {21323#true} call select_features_#t~ret9#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 24: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 25: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21323#true} {21323#true} #1741#return; {21323#true} is VALID [2022-02-20 18:04:46,336 INFO L290 TraceCheckUtils]: 27: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L272 TraceCheckUtils]: 28: Hoare triple {21323#true} call select_features_#t~ret10#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 29: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 30: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21323#true} {21323#true} #1743#return; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 32: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L272 TraceCheckUtils]: 33: Hoare triple {21323#true} call select_features_#t~ret11#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 34: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 35: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21323#true} {21323#true} #1745#return; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 37: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L272 TraceCheckUtils]: 38: Hoare triple {21323#true} call select_features_#t~ret12#1 := select_one(); {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 39: Hoare triple {21323#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 40: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21323#true} {21323#true} #1747#return; {21323#true} is VALID [2022-02-20 18:04:46,337 INFO L290 TraceCheckUtils]: 42: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {21323#true} is VALID [2022-02-20 18:04:46,338 INFO L290 TraceCheckUtils]: 43: Hoare triple {21323#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {21323#true} is VALID [2022-02-20 18:04:46,338 INFO L290 TraceCheckUtils]: 44: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21323#true} is VALID [2022-02-20 18:04:46,338 INFO L290 TraceCheckUtils]: 45: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {21323#true} is VALID [2022-02-20 18:04:46,338 INFO L290 TraceCheckUtils]: 46: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {21323#true} is VALID [2022-02-20 18:04:46,338 INFO L290 TraceCheckUtils]: 47: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {21323#true} is VALID [2022-02-20 18:04:46,338 INFO L290 TraceCheckUtils]: 48: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21323#true} is VALID [2022-02-20 18:04:46,338 INFO L290 TraceCheckUtils]: 49: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21323#true} is VALID [2022-02-20 18:04:46,365 INFO L290 TraceCheckUtils]: 50: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 51: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 52: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 53: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 54: Hoare triple {21323#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 55: Hoare triple {21323#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 56: Hoare triple {21323#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 57: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L272 TraceCheckUtils]: 58: Hoare triple {21323#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 59: Hoare triple {21323#true} ~bob___0 := #in~bob___0; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L272 TraceCheckUtils]: 60: Hoare triple {21323#true} call setClientId(~bob___0, ~bob___0); {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 61: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 62: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 63: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21323#true} {21323#true} #1731#return; {21323#true} is VALID [2022-02-20 18:04:46,366 INFO L290 TraceCheckUtils]: 65: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21323#true} {21323#true} #1749#return; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L272 TraceCheckUtils]: 67: Hoare triple {21323#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 68: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 69: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 70: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21323#true} {21323#true} #1751#return; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 72: Hoare triple {21323#true} assume { :end_inline_setup_bob__role__Keys } true; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 73: Hoare triple {21323#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 74: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L272 TraceCheckUtils]: 75: Hoare triple {21323#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 76: Hoare triple {21323#true} ~rjh___0 := #in~rjh___0; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L272 TraceCheckUtils]: 77: Hoare triple {21323#true} call setClientId(~rjh___0, ~rjh___0); {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 78: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 79: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:46,367 INFO L290 TraceCheckUtils]: 80: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21323#true} {21323#true} #1683#return; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 82: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21323#true} {21323#true} #1755#return; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L272 TraceCheckUtils]: 84: Hoare triple {21323#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 85: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 86: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 87: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21323#true} {21323#true} #1757#return; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 89: Hoare triple {21323#true} assume { :end_inline_setup_rjh__role__Keys } true; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 90: Hoare triple {21323#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 91: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L272 TraceCheckUtils]: 92: Hoare triple {21323#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 93: Hoare triple {21323#true} ~chuck___0 := #in~chuck___0; {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L272 TraceCheckUtils]: 94: Hoare triple {21323#true} call setClientId(~chuck___0, ~chuck___0); {21323#true} is VALID [2022-02-20 18:04:46,368 INFO L290 TraceCheckUtils]: 95: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L290 TraceCheckUtils]: 96: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L290 TraceCheckUtils]: 97: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21323#true} {21323#true} #1625#return; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L290 TraceCheckUtils]: 99: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21323#true} {21323#true} #1761#return; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L272 TraceCheckUtils]: 101: Hoare triple {21323#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L290 TraceCheckUtils]: 102: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L290 TraceCheckUtils]: 103: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L290 TraceCheckUtils]: 104: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21323#true} {21323#true} #1763#return; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L290 TraceCheckUtils]: 106: Hoare triple {21323#true} assume { :end_inline_setup_chuck__role__Keys } true; {21323#true} is VALID [2022-02-20 18:04:46,369 INFO L290 TraceCheckUtils]: 107: Hoare triple {21323#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {21323#true} is VALID [2022-02-20 18:04:46,370 INFO L290 TraceCheckUtils]: 108: Hoare triple {21323#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21763#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:46,370 INFO L290 TraceCheckUtils]: 109: Hoare triple {21763#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {21763#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 110: Hoare triple {21763#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 111: Hoare triple {21324#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L272 TraceCheckUtils]: 112: Hoare triple {21324#false} call sendEmail(~bob~0, ~rjh~0); {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 113: Hoare triple {21324#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L272 TraceCheckUtils]: 114: Hoare triple {21324#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 115: Hoare triple {21324#false} ~handle := #in~handle;~value := #in~value; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 116: Hoare triple {21324#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 117: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21324#false} {21324#false} #1647#return; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L272 TraceCheckUtils]: 119: Hoare triple {21324#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 120: Hoare triple {21324#false} ~handle := #in~handle;~value := #in~value; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 121: Hoare triple {21324#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 122: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21324#false} {21324#false} #1649#return; {21324#false} is VALID [2022-02-20 18:04:46,371 INFO L290 TraceCheckUtils]: 124: Hoare triple {21324#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 125: Hoare triple {21324#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L272 TraceCheckUtils]: 126: Hoare triple {21324#false} call outgoing(~sender#1, ~email~0#1); {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 127: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 128: Hoare triple {21324#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L272 TraceCheckUtils]: 129: Hoare triple {21324#false} call outgoing__before__Sign(~client#1, ~msg#1); {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 130: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 131: Hoare triple {21324#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret83#1, outgoing__role__AddressBook_#t~ret84#1, outgoing__role__AddressBook_#t~ret85#1, outgoing__role__AddressBook_#t~ret86#1, outgoing__role__AddressBook_#t~ret87#1, outgoing__role__AddressBook_#t~ret88#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~16#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~16#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L272 TraceCheckUtils]: 132: Hoare triple {21324#false} call outgoing__role__AddressBook_#t~ret83#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 133: Hoare triple {21324#false} ~handle := #in~handle;havoc ~retValue_acc~9; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 134: Hoare triple {21324#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~9; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 135: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {21324#false} {21324#false} #1627#return; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 137: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret83#1 && outgoing__role__AddressBook_#t~ret83#1 <= 2147483647;outgoing__role__AddressBook_~tmp~16#1 := outgoing__role__AddressBook_#t~ret83#1;havoc outgoing__role__AddressBook_#t~ret83#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~16#1; {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 138: Hoare triple {21324#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L272 TraceCheckUtils]: 139: Hoare triple {21324#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {21324#false} is VALID [2022-02-20 18:04:46,372 INFO L290 TraceCheckUtils]: 140: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 141: Hoare triple {21324#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L272 TraceCheckUtils]: 142: Hoare triple {21324#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 143: Hoare triple {21324#false} ~handle := #in~handle;havoc ~retValue_acc~26; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 144: Hoare triple {21324#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 145: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {21324#false} {21324#false} #1613#return; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 147: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L272 TraceCheckUtils]: 148: Hoare triple {21324#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 149: Hoare triple {21324#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 150: Hoare triple {21324#false} assume 1 == ~handle; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 151: Hoare triple {21324#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 152: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {21324#false} {21324#false} #1615#return; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 154: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {21324#false} is VALID [2022-02-20 18:04:46,373 INFO L290 TraceCheckUtils]: 155: Hoare triple {21324#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L272 TraceCheckUtils]: 156: Hoare triple {21324#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 157: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 158: Hoare triple {21324#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 159: Hoare triple {21324#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L272 TraceCheckUtils]: 160: Hoare triple {21324#false} call setEmailFrom(~msg#1, ~tmp~14#1); {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 161: Hoare triple {21324#false} ~handle := #in~handle;~value := #in~value; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 162: Hoare triple {21324#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 163: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21324#false} {21324#false} #1659#return; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 165: Hoare triple {21324#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 166: Hoare triple {21324#false} assume 0 != ~in_encrypted~0; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L272 TraceCheckUtils]: 167: Hoare triple {21324#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 168: Hoare triple {21324#false} ~handle := #in~handle;havoc ~retValue_acc~29; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 169: Hoare triple {21324#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L290 TraceCheckUtils]: 170: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:04:46,374 INFO L284 TraceCheckUtils]: 171: Hoare quadruple {21324#false} {21324#false} #1661#return; {21324#false} is VALID [2022-02-20 18:04:46,375 INFO L290 TraceCheckUtils]: 172: Hoare triple {21324#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {21324#false} is VALID [2022-02-20 18:04:46,375 INFO L290 TraceCheckUtils]: 173: Hoare triple {21324#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {21324#false} is VALID [2022-02-20 18:04:46,375 INFO L290 TraceCheckUtils]: 174: Hoare triple {21324#false} assume !false; {21324#false} is VALID [2022-02-20 18:04:46,375 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:04:46,375 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:46,375 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [262660399] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:46,375 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:46,375 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:04:46,376 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1730645394] [2022-02-20 18:04:46,376 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:46,376 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 175 [2022-02-20 18:04:46,376 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:46,377 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:46,523 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 146 edges. 146 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:46,524 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:04:46,524 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:46,524 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:04:46,524 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:04:46,524 INFO L87 Difference]: Start difference. First operand 592 states and 850 transitions. Second operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:47,281 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:47,282 INFO L93 Difference]: Finished difference Result 919 states and 1301 transitions. [2022-02-20 18:04:47,282 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:04:47,282 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 175 [2022-02-20 18:04:47,282 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:47,283 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:47,296 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1299 transitions. [2022-02-20 18:04:47,296 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:47,333 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1299 transitions. [2022-02-20 18:04:47,333 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1299 transitions. [2022-02-20 18:04:48,180 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1299 edges. 1299 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:48,204 INFO L225 Difference]: With dead ends: 919 [2022-02-20 18:04:48,204 INFO L226 Difference]: Without dead ends: 595 [2022-02-20 18:04:48,221 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 228 GetRequests, 217 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:04:48,222 INFO L933 BasicCegarLoop]: 846 mSDtfsCounter, 1 mSDsluCounter, 844 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1690 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:48,223 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1690 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:48,224 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 595 states. [2022-02-20 18:04:48,242 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 595 to 594. [2022-02-20 18:04:48,242 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:48,243 INFO L82 GeneralOperation]: Start isEquivalent. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:04:48,244 INFO L74 IsIncluded]: Start isIncluded. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:04:48,245 INFO L87 Difference]: Start difference. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:04:48,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:48,260 INFO L93 Difference]: Finished difference Result 595 states and 853 transitions. [2022-02-20 18:04:48,261 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 853 transitions. [2022-02-20 18:04:48,262 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:48,262 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:48,263 INFO L74 IsIncluded]: Start isIncluded. First operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 595 states. [2022-02-20 18:04:48,264 INFO L87 Difference]: Start difference. First operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 595 states. [2022-02-20 18:04:48,280 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:48,280 INFO L93 Difference]: Finished difference Result 595 states and 853 transitions. [2022-02-20 18:04:48,280 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 853 transitions. [2022-02-20 18:04:48,284 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:48,285 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:48,285 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:48,285 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:48,286 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:04:48,305 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 852 transitions. [2022-02-20 18:04:48,306 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 852 transitions. Word has length 175 [2022-02-20 18:04:48,307 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:48,308 INFO L470 AbstractCegarLoop]: Abstraction has 594 states and 852 transitions. [2022-02-20 18:04:48,308 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 31.0) internal successors, (93), 3 states have internal predecessors, (93), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:48,308 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 852 transitions. [2022-02-20 18:04:48,311 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 184 [2022-02-20 18:04:48,311 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:48,312 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:48,330 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:04:48,531 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2022-02-20 18:04:48,532 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:48,532 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:48,532 INFO L85 PathProgramCache]: Analyzing trace with hash -1535662965, now seen corresponding path program 1 times [2022-02-20 18:04:48,532 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:48,533 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [893821447] [2022-02-20 18:04:48,533 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:48,533 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:48,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:48,593 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,598 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,598 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25244#true} {25244#true} #1733#return; {25244#true} is VALID [2022-02-20 18:04:48,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:48,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,601 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25244#true} {25244#true} #1735#return; {25244#true} is VALID [2022-02-20 18:04:48,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:48,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,604 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25244#true} {25244#true} #1737#return; {25244#true} is VALID [2022-02-20 18:04:48,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:48,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,607 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25244#true} {25244#true} #1739#return; {25244#true} is VALID [2022-02-20 18:04:48,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:48,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,610 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,610 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,610 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25244#true} {25244#true} #1741#return; {25244#true} is VALID [2022-02-20 18:04:48,611 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:48,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,613 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,613 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,613 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25244#true} {25244#true} #1743#return; {25244#true} is VALID [2022-02-20 18:04:48,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:48,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,616 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25244#true} {25244#true} #1745#return; {25244#true} is VALID [2022-02-20 18:04:48,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:48,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,618 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,618 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25244#true} {25244#true} #1747#return; {25244#true} is VALID [2022-02-20 18:04:48,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:48,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:48,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,629 INFO L290 TraceCheckUtils]: 0: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,629 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,629 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,630 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25244#true} #1731#return; {25244#true} is VALID [2022-02-20 18:04:48,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25244#true} is VALID [2022-02-20 18:04:48,630 INFO L272 TraceCheckUtils]: 1: Hoare triple {25244#true} call setClientId(~bob___0, ~bob___0); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,631 INFO L290 TraceCheckUtils]: 3: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,631 INFO L290 TraceCheckUtils]: 4: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,631 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25244#true} {25244#true} #1731#return; {25244#true} is VALID [2022-02-20 18:04:48,631 INFO L290 TraceCheckUtils]: 6: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,631 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25244#true} {25244#true} #1749#return; {25244#true} is VALID [2022-02-20 18:04:48,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:04:48,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,639 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,639 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25244#true} #1751#return; {25244#true} is VALID [2022-02-20 18:04:48,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:04:48,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:48,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25349#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:48,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {25349#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25350#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:48,668 INFO L290 TraceCheckUtils]: 2: Hoare triple {25350#(= |setClientId_#in~handle| 1)} assume true; {25350#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:48,668 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25350#(= |setClientId_#in~handle| 1)} {25343#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:48,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25343#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:48,669 INFO L272 TraceCheckUtils]: 1: Hoare triple {25343#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25349#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:48,670 INFO L290 TraceCheckUtils]: 3: Hoare triple {25349#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25350#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:48,670 INFO L290 TraceCheckUtils]: 4: Hoare triple {25350#(= |setClientId_#in~handle| 1)} assume true; {25350#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:48,671 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25350#(= |setClientId_#in~handle| 1)} {25343#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:48,671 INFO L290 TraceCheckUtils]: 6: Hoare triple {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:48,671 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25283#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {25245#false} is VALID [2022-02-20 18:04:48,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:04:48,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,681 INFO L290 TraceCheckUtils]: 0: Hoare triple {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,682 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25245#false} #1757#return; {25245#false} is VALID [2022-02-20 18:04:48,682 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:04:48,683 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:48,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,687 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,687 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25244#true} #1625#return; {25244#true} is VALID [2022-02-20 18:04:48,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25244#true} is VALID [2022-02-20 18:04:48,688 INFO L272 TraceCheckUtils]: 1: Hoare triple {25244#true} call setClientId(~chuck___0, ~chuck___0); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,688 INFO L290 TraceCheckUtils]: 3: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,688 INFO L290 TraceCheckUtils]: 4: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,688 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25244#true} {25244#true} #1625#return; {25244#true} is VALID [2022-02-20 18:04:48,688 INFO L290 TraceCheckUtils]: 6: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,688 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25244#true} {25245#false} #1761#return; {25245#false} is VALID [2022-02-20 18:04:48,688 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:04:48,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,691 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,691 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,691 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25245#false} #1763#return; {25245#false} is VALID [2022-02-20 18:04:48,699 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:04:48,699 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {25355#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,701 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25245#false} #1647#return; {25245#false} is VALID [2022-02-20 18:04:48,709 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:04:48,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,712 INFO L290 TraceCheckUtils]: 0: Hoare triple {25356#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,712 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,713 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25245#false} #1649#return; {25245#false} is VALID [2022-02-20 18:04:48,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 140 [2022-02-20 18:04:48,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,715 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25244#true} is VALID [2022-02-20 18:04:48,715 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~9; {25244#true} is VALID [2022-02-20 18:04:48,715 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,715 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25245#false} #1627#return; {25245#false} is VALID [2022-02-20 18:04:48,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 18:04:48,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} ~handle := #in~handle;havoc ~retValue_acc~26; {25244#true} is VALID [2022-02-20 18:04:48,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {25244#true} is VALID [2022-02-20 18:04:48,718 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,718 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25245#false} #1613#return; {25245#false} is VALID [2022-02-20 18:04:48,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 18:04:48,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,720 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {25244#true} is VALID [2022-02-20 18:04:48,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle; {25244#true} is VALID [2022-02-20 18:04:48,720 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {25244#true} is VALID [2022-02-20 18:04:48,720 INFO L290 TraceCheckUtils]: 3: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,721 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25244#true} {25245#false} #1615#return; {25245#false} is VALID [2022-02-20 18:04:48,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 168 [2022-02-20 18:04:48,721 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,723 INFO L290 TraceCheckUtils]: 0: Hoare triple {25355#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,723 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,723 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,723 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25245#false} #1659#return; {25245#false} is VALID [2022-02-20 18:04:48,724 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 175 [2022-02-20 18:04:48,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:48,726 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} ~handle := #in~handle;havoc ~retValue_acc~29; {25244#true} is VALID [2022-02-20 18:04:48,726 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {25244#true} is VALID [2022-02-20 18:04:48,726 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,726 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25244#true} {25245#false} #1661#return; {25245#false} is VALID [2022-02-20 18:04:48,726 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {25244#true} is VALID [2022-02-20 18:04:48,726 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25244#true} is VALID [2022-02-20 18:04:48,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {25244#true} is VALID [2022-02-20 18:04:48,727 INFO L272 TraceCheckUtils]: 3: Hoare triple {25244#true} call select_features_#t~ret5#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:48,727 INFO L290 TraceCheckUtils]: 4: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,727 INFO L290 TraceCheckUtils]: 5: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,727 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25244#true} {25244#true} #1733#return; {25244#true} is VALID [2022-02-20 18:04:48,727 INFO L290 TraceCheckUtils]: 7: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {25244#true} is VALID [2022-02-20 18:04:48,727 INFO L272 TraceCheckUtils]: 8: Hoare triple {25244#true} call select_features_#t~ret6#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:48,727 INFO L290 TraceCheckUtils]: 9: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,728 INFO L290 TraceCheckUtils]: 10: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,728 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25244#true} {25244#true} #1735#return; {25244#true} is VALID [2022-02-20 18:04:48,728 INFO L290 TraceCheckUtils]: 12: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {25244#true} is VALID [2022-02-20 18:04:48,728 INFO L272 TraceCheckUtils]: 13: Hoare triple {25244#true} call select_features_#t~ret7#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:48,728 INFO L290 TraceCheckUtils]: 14: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,728 INFO L290 TraceCheckUtils]: 15: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,728 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25244#true} {25244#true} #1737#return; {25244#true} is VALID [2022-02-20 18:04:48,729 INFO L290 TraceCheckUtils]: 17: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {25244#true} is VALID [2022-02-20 18:04:48,729 INFO L272 TraceCheckUtils]: 18: Hoare triple {25244#true} call select_features_#t~ret8#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:48,729 INFO L290 TraceCheckUtils]: 19: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,729 INFO L290 TraceCheckUtils]: 20: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,729 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25244#true} {25244#true} #1739#return; {25244#true} is VALID [2022-02-20 18:04:48,729 INFO L290 TraceCheckUtils]: 22: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {25244#true} is VALID [2022-02-20 18:04:48,729 INFO L272 TraceCheckUtils]: 23: Hoare triple {25244#true} call select_features_#t~ret9#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:48,730 INFO L290 TraceCheckUtils]: 24: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,730 INFO L290 TraceCheckUtils]: 25: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,730 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25244#true} {25244#true} #1741#return; {25244#true} is VALID [2022-02-20 18:04:48,730 INFO L290 TraceCheckUtils]: 27: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {25244#true} is VALID [2022-02-20 18:04:48,730 INFO L272 TraceCheckUtils]: 28: Hoare triple {25244#true} call select_features_#t~ret10#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:48,730 INFO L290 TraceCheckUtils]: 29: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,730 INFO L290 TraceCheckUtils]: 30: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,731 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25244#true} {25244#true} #1743#return; {25244#true} is VALID [2022-02-20 18:04:48,731 INFO L290 TraceCheckUtils]: 32: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {25244#true} is VALID [2022-02-20 18:04:48,731 INFO L272 TraceCheckUtils]: 33: Hoare triple {25244#true} call select_features_#t~ret11#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:48,731 INFO L290 TraceCheckUtils]: 34: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,731 INFO L290 TraceCheckUtils]: 35: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,731 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25244#true} {25244#true} #1745#return; {25244#true} is VALID [2022-02-20 18:04:48,731 INFO L290 TraceCheckUtils]: 37: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {25244#true} is VALID [2022-02-20 18:04:48,731 INFO L272 TraceCheckUtils]: 38: Hoare triple {25244#true} call select_features_#t~ret12#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:48,732 INFO L290 TraceCheckUtils]: 39: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:48,732 INFO L290 TraceCheckUtils]: 40: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,732 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25244#true} {25244#true} #1747#return; {25244#true} is VALID [2022-02-20 18:04:48,732 INFO L290 TraceCheckUtils]: 42: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {25244#true} is VALID [2022-02-20 18:04:48,732 INFO L290 TraceCheckUtils]: 43: Hoare triple {25244#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {25244#true} is VALID [2022-02-20 18:04:48,732 INFO L290 TraceCheckUtils]: 44: Hoare triple {25244#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25244#true} is VALID [2022-02-20 18:04:48,732 INFO L290 TraceCheckUtils]: 45: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {25244#true} is VALID [2022-02-20 18:04:48,732 INFO L290 TraceCheckUtils]: 46: Hoare triple {25244#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {25244#true} is VALID [2022-02-20 18:04:48,733 INFO L290 TraceCheckUtils]: 47: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {25244#true} is VALID [2022-02-20 18:04:48,733 INFO L290 TraceCheckUtils]: 48: Hoare triple {25244#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25244#true} is VALID [2022-02-20 18:04:48,733 INFO L290 TraceCheckUtils]: 49: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25244#true} is VALID [2022-02-20 18:04:48,733 INFO L290 TraceCheckUtils]: 50: Hoare triple {25244#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25244#true} is VALID [2022-02-20 18:04:48,733 INFO L290 TraceCheckUtils]: 51: Hoare triple {25244#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25244#true} is VALID [2022-02-20 18:04:48,733 INFO L290 TraceCheckUtils]: 52: Hoare triple {25244#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25244#true} is VALID [2022-02-20 18:04:48,733 INFO L290 TraceCheckUtils]: 53: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {25244#true} is VALID [2022-02-20 18:04:48,733 INFO L290 TraceCheckUtils]: 54: Hoare triple {25244#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {25244#true} is VALID [2022-02-20 18:04:48,734 INFO L290 TraceCheckUtils]: 55: Hoare triple {25244#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {25244#true} is VALID [2022-02-20 18:04:48,734 INFO L290 TraceCheckUtils]: 56: Hoare triple {25244#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25244#true} is VALID [2022-02-20 18:04:48,734 INFO L290 TraceCheckUtils]: 57: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25244#true} is VALID [2022-02-20 18:04:48,735 INFO L272 TraceCheckUtils]: 58: Hoare triple {25244#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,735 INFO L290 TraceCheckUtils]: 59: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25244#true} is VALID [2022-02-20 18:04:48,735 INFO L272 TraceCheckUtils]: 60: Hoare triple {25244#true} call setClientId(~bob___0, ~bob___0); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,735 INFO L290 TraceCheckUtils]: 61: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,735 INFO L290 TraceCheckUtils]: 62: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,736 INFO L290 TraceCheckUtils]: 63: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,736 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25244#true} {25244#true} #1731#return; {25244#true} is VALID [2022-02-20 18:04:48,736 INFO L290 TraceCheckUtils]: 65: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,736 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25244#true} {25244#true} #1749#return; {25244#true} is VALID [2022-02-20 18:04:48,737 INFO L272 TraceCheckUtils]: 67: Hoare triple {25244#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:48,737 INFO L290 TraceCheckUtils]: 68: Hoare triple {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,737 INFO L290 TraceCheckUtils]: 69: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,737 INFO L290 TraceCheckUtils]: 70: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,737 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25244#true} {25244#true} #1751#return; {25244#true} is VALID [2022-02-20 18:04:48,737 INFO L290 TraceCheckUtils]: 72: Hoare triple {25244#true} assume { :end_inline_setup_bob__role__Keys } true; {25244#true} is VALID [2022-02-20 18:04:48,738 INFO L290 TraceCheckUtils]: 73: Hoare triple {25244#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25282#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:48,738 INFO L290 TraceCheckUtils]: 74: Hoare triple {25282#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25283#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:48,739 INFO L272 TraceCheckUtils]: 75: Hoare triple {25283#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,739 INFO L290 TraceCheckUtils]: 76: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25343#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:48,740 INFO L272 TraceCheckUtils]: 77: Hoare triple {25343#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,740 INFO L290 TraceCheckUtils]: 78: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25349#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:48,740 INFO L290 TraceCheckUtils]: 79: Hoare triple {25349#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25350#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:48,741 INFO L290 TraceCheckUtils]: 80: Hoare triple {25350#(= |setClientId_#in~handle| 1)} assume true; {25350#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:48,741 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25350#(= |setClientId_#in~handle| 1)} {25343#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:48,741 INFO L290 TraceCheckUtils]: 82: Hoare triple {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:48,742 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25348#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25283#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {25245#false} is VALID [2022-02-20 18:04:48,742 INFO L272 TraceCheckUtils]: 84: Hoare triple {25245#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:48,742 INFO L290 TraceCheckUtils]: 85: Hoare triple {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,742 INFO L290 TraceCheckUtils]: 86: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,743 INFO L290 TraceCheckUtils]: 87: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,743 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25244#true} {25245#false} #1757#return; {25245#false} is VALID [2022-02-20 18:04:48,743 INFO L290 TraceCheckUtils]: 89: Hoare triple {25245#false} assume { :end_inline_setup_rjh__role__Keys } true; {25245#false} is VALID [2022-02-20 18:04:48,743 INFO L290 TraceCheckUtils]: 90: Hoare triple {25245#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25245#false} is VALID [2022-02-20 18:04:48,743 INFO L290 TraceCheckUtils]: 91: Hoare triple {25245#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25245#false} is VALID [2022-02-20 18:04:48,743 INFO L272 TraceCheckUtils]: 92: Hoare triple {25245#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,743 INFO L290 TraceCheckUtils]: 93: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25244#true} is VALID [2022-02-20 18:04:48,744 INFO L272 TraceCheckUtils]: 94: Hoare triple {25244#true} call setClientId(~chuck___0, ~chuck___0); {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:48,744 INFO L290 TraceCheckUtils]: 95: Hoare triple {25337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,744 INFO L290 TraceCheckUtils]: 96: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,744 INFO L290 TraceCheckUtils]: 97: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,744 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25244#true} {25244#true} #1625#return; {25244#true} is VALID [2022-02-20 18:04:48,745 INFO L290 TraceCheckUtils]: 99: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,745 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25244#true} {25245#false} #1761#return; {25245#false} is VALID [2022-02-20 18:04:48,745 INFO L272 TraceCheckUtils]: 101: Hoare triple {25245#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:48,745 INFO L290 TraceCheckUtils]: 102: Hoare triple {25342#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,745 INFO L290 TraceCheckUtils]: 103: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,745 INFO L290 TraceCheckUtils]: 104: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,745 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25244#true} {25245#false} #1763#return; {25245#false} is VALID [2022-02-20 18:04:48,745 INFO L290 TraceCheckUtils]: 106: Hoare triple {25245#false} assume { :end_inline_setup_chuck__role__Keys } true; {25245#false} is VALID [2022-02-20 18:04:48,746 INFO L290 TraceCheckUtils]: 107: Hoare triple {25245#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {25245#false} is VALID [2022-02-20 18:04:48,746 INFO L290 TraceCheckUtils]: 108: Hoare triple {25245#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25245#false} is VALID [2022-02-20 18:04:48,746 INFO L290 TraceCheckUtils]: 109: Hoare triple {25245#false} assume !false; {25245#false} is VALID [2022-02-20 18:04:48,746 INFO L290 TraceCheckUtils]: 110: Hoare triple {25245#false} assume test_~splverifierCounter~0#1 < 4; {25245#false} is VALID [2022-02-20 18:04:48,746 INFO L290 TraceCheckUtils]: 111: Hoare triple {25245#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25245#false} is VALID [2022-02-20 18:04:48,746 INFO L290 TraceCheckUtils]: 112: Hoare triple {25245#false} assume !(0 == test_~op1~0#1); {25245#false} is VALID [2022-02-20 18:04:48,746 INFO L290 TraceCheckUtils]: 113: Hoare triple {25245#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {25245#false} is VALID [2022-02-20 18:04:48,746 INFO L290 TraceCheckUtils]: 114: Hoare triple {25245#false} assume 0 != test_~tmp___8~0#1; {25245#false} is VALID [2022-02-20 18:04:48,747 INFO L290 TraceCheckUtils]: 115: Hoare triple {25245#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25245#false} is VALID [2022-02-20 18:04:48,747 INFO L290 TraceCheckUtils]: 116: Hoare triple {25245#false} test_~op2~0#1 := 1; {25245#false} is VALID [2022-02-20 18:04:48,747 INFO L290 TraceCheckUtils]: 117: Hoare triple {25245#false} assume !false; {25245#false} is VALID [2022-02-20 18:04:48,747 INFO L290 TraceCheckUtils]: 118: Hoare triple {25245#false} assume !(test_~splverifierCounter~0#1 < 4); {25245#false} is VALID [2022-02-20 18:04:48,747 INFO L290 TraceCheckUtils]: 119: Hoare triple {25245#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {25245#false} is VALID [2022-02-20 18:04:48,747 INFO L272 TraceCheckUtils]: 120: Hoare triple {25245#false} call sendEmail(~bob~0, ~rjh~0); {25245#false} is VALID [2022-02-20 18:04:48,747 INFO L290 TraceCheckUtils]: 121: Hoare triple {25245#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25245#false} is VALID [2022-02-20 18:04:48,748 INFO L272 TraceCheckUtils]: 122: Hoare triple {25245#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25355#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:48,748 INFO L290 TraceCheckUtils]: 123: Hoare triple {25355#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,748 INFO L290 TraceCheckUtils]: 124: Hoare triple {25244#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,748 INFO L290 TraceCheckUtils]: 125: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,748 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25244#true} {25245#false} #1647#return; {25245#false} is VALID [2022-02-20 18:04:48,748 INFO L272 TraceCheckUtils]: 127: Hoare triple {25245#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25356#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:48,748 INFO L290 TraceCheckUtils]: 128: Hoare triple {25356#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,749 INFO L290 TraceCheckUtils]: 129: Hoare triple {25244#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,749 INFO L290 TraceCheckUtils]: 130: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,749 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25244#true} {25245#false} #1649#return; {25245#false} is VALID [2022-02-20 18:04:48,749 INFO L290 TraceCheckUtils]: 132: Hoare triple {25245#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {25245#false} is VALID [2022-02-20 18:04:48,749 INFO L290 TraceCheckUtils]: 133: Hoare triple {25245#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {25245#false} is VALID [2022-02-20 18:04:48,749 INFO L272 TraceCheckUtils]: 134: Hoare triple {25245#false} call outgoing(~sender#1, ~email~0#1); {25245#false} is VALID [2022-02-20 18:04:48,749 INFO L290 TraceCheckUtils]: 135: Hoare triple {25245#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25245#false} is VALID [2022-02-20 18:04:48,750 INFO L290 TraceCheckUtils]: 136: Hoare triple {25245#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25245#false} is VALID [2022-02-20 18:04:48,750 INFO L272 TraceCheckUtils]: 137: Hoare triple {25245#false} call outgoing__before__Sign(~client#1, ~msg#1); {25245#false} is VALID [2022-02-20 18:04:48,750 INFO L290 TraceCheckUtils]: 138: Hoare triple {25245#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25245#false} is VALID [2022-02-20 18:04:48,750 INFO L290 TraceCheckUtils]: 139: Hoare triple {25245#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret83#1, outgoing__role__AddressBook_#t~ret84#1, outgoing__role__AddressBook_#t~ret85#1, outgoing__role__AddressBook_#t~ret86#1, outgoing__role__AddressBook_#t~ret87#1, outgoing__role__AddressBook_#t~ret88#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~16#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~16#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {25245#false} is VALID [2022-02-20 18:04:48,750 INFO L272 TraceCheckUtils]: 140: Hoare triple {25245#false} call outgoing__role__AddressBook_#t~ret83#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {25244#true} is VALID [2022-02-20 18:04:48,750 INFO L290 TraceCheckUtils]: 141: Hoare triple {25244#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25244#true} is VALID [2022-02-20 18:04:48,750 INFO L290 TraceCheckUtils]: 142: Hoare triple {25244#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~9; {25244#true} is VALID [2022-02-20 18:04:48,750 INFO L290 TraceCheckUtils]: 143: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,751 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {25244#true} {25245#false} #1627#return; {25245#false} is VALID [2022-02-20 18:04:48,751 INFO L290 TraceCheckUtils]: 145: Hoare triple {25245#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret83#1 && outgoing__role__AddressBook_#t~ret83#1 <= 2147483647;outgoing__role__AddressBook_~tmp~16#1 := outgoing__role__AddressBook_#t~ret83#1;havoc outgoing__role__AddressBook_#t~ret83#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~16#1; {25245#false} is VALID [2022-02-20 18:04:48,751 INFO L290 TraceCheckUtils]: 146: Hoare triple {25245#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {25245#false} is VALID [2022-02-20 18:04:48,751 INFO L272 TraceCheckUtils]: 147: Hoare triple {25245#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {25245#false} is VALID [2022-02-20 18:04:48,751 INFO L290 TraceCheckUtils]: 148: Hoare triple {25245#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25245#false} is VALID [2022-02-20 18:04:48,751 INFO L290 TraceCheckUtils]: 149: Hoare triple {25245#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {25245#false} is VALID [2022-02-20 18:04:48,751 INFO L272 TraceCheckUtils]: 150: Hoare triple {25245#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {25244#true} is VALID [2022-02-20 18:04:48,751 INFO L290 TraceCheckUtils]: 151: Hoare triple {25244#true} ~handle := #in~handle;havoc ~retValue_acc~26; {25244#true} is VALID [2022-02-20 18:04:48,752 INFO L290 TraceCheckUtils]: 152: Hoare triple {25244#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {25244#true} is VALID [2022-02-20 18:04:48,752 INFO L290 TraceCheckUtils]: 153: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,752 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25244#true} {25245#false} #1613#return; {25245#false} is VALID [2022-02-20 18:04:48,752 INFO L290 TraceCheckUtils]: 155: Hoare triple {25245#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {25245#false} is VALID [2022-02-20 18:04:48,752 INFO L272 TraceCheckUtils]: 156: Hoare triple {25245#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {25244#true} is VALID [2022-02-20 18:04:48,752 INFO L290 TraceCheckUtils]: 157: Hoare triple {25244#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {25244#true} is VALID [2022-02-20 18:04:48,752 INFO L290 TraceCheckUtils]: 158: Hoare triple {25244#true} assume 1 == ~handle; {25244#true} is VALID [2022-02-20 18:04:48,752 INFO L290 TraceCheckUtils]: 159: Hoare triple {25244#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {25244#true} is VALID [2022-02-20 18:04:48,753 INFO L290 TraceCheckUtils]: 160: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,753 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {25244#true} {25245#false} #1615#return; {25245#false} is VALID [2022-02-20 18:04:48,753 INFO L290 TraceCheckUtils]: 162: Hoare triple {25245#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {25245#false} is VALID [2022-02-20 18:04:48,753 INFO L290 TraceCheckUtils]: 163: Hoare triple {25245#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {25245#false} is VALID [2022-02-20 18:04:48,753 INFO L272 TraceCheckUtils]: 164: Hoare triple {25245#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {25245#false} is VALID [2022-02-20 18:04:48,753 INFO L290 TraceCheckUtils]: 165: Hoare triple {25245#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {25245#false} is VALID [2022-02-20 18:04:48,753 INFO L290 TraceCheckUtils]: 166: Hoare triple {25245#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {25245#false} is VALID [2022-02-20 18:04:48,753 INFO L290 TraceCheckUtils]: 167: Hoare triple {25245#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {25245#false} is VALID [2022-02-20 18:04:48,754 INFO L272 TraceCheckUtils]: 168: Hoare triple {25245#false} call setEmailFrom(~msg#1, ~tmp~14#1); {25355#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:48,754 INFO L290 TraceCheckUtils]: 169: Hoare triple {25355#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:48,754 INFO L290 TraceCheckUtils]: 170: Hoare triple {25244#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:48,754 INFO L290 TraceCheckUtils]: 171: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,754 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25244#true} {25245#false} #1659#return; {25245#false} is VALID [2022-02-20 18:04:48,754 INFO L290 TraceCheckUtils]: 173: Hoare triple {25245#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {25245#false} is VALID [2022-02-20 18:04:48,754 INFO L290 TraceCheckUtils]: 174: Hoare triple {25245#false} assume 0 != ~in_encrypted~0; {25245#false} is VALID [2022-02-20 18:04:48,754 INFO L272 TraceCheckUtils]: 175: Hoare triple {25245#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {25244#true} is VALID [2022-02-20 18:04:48,755 INFO L290 TraceCheckUtils]: 176: Hoare triple {25244#true} ~handle := #in~handle;havoc ~retValue_acc~29; {25244#true} is VALID [2022-02-20 18:04:48,755 INFO L290 TraceCheckUtils]: 177: Hoare triple {25244#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {25244#true} is VALID [2022-02-20 18:04:48,755 INFO L290 TraceCheckUtils]: 178: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:48,755 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {25244#true} {25245#false} #1661#return; {25245#false} is VALID [2022-02-20 18:04:48,755 INFO L290 TraceCheckUtils]: 180: Hoare triple {25245#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {25245#false} is VALID [2022-02-20 18:04:48,755 INFO L290 TraceCheckUtils]: 181: Hoare triple {25245#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {25245#false} is VALID [2022-02-20 18:04:48,755 INFO L290 TraceCheckUtils]: 182: Hoare triple {25245#false} assume !false; {25245#false} is VALID [2022-02-20 18:04:48,756 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 18:04:48,756 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:48,756 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [893821447] [2022-02-20 18:04:48,757 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [893821447] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:48,757 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1174408319] [2022-02-20 18:04:48,757 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:48,757 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:48,757 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:48,772 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:48,788 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:04:49,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:49,077 INFO L263 TraceCheckSpWp]: Trace formula consists of 1497 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:04:49,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:49,133 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:04:49,468 INFO L290 TraceCheckUtils]: 0: Hoare triple {25244#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {25244#true} is VALID [2022-02-20 18:04:49,468 INFO L290 TraceCheckUtils]: 1: Hoare triple {25244#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25244#true} is VALID [2022-02-20 18:04:49,468 INFO L290 TraceCheckUtils]: 2: Hoare triple {25244#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {25244#true} is VALID [2022-02-20 18:04:49,468 INFO L272 TraceCheckUtils]: 3: Hoare triple {25244#true} call select_features_#t~ret5#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:49,469 INFO L290 TraceCheckUtils]: 4: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:49,469 INFO L290 TraceCheckUtils]: 5: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,469 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25244#true} {25244#true} #1733#return; {25244#true} is VALID [2022-02-20 18:04:49,469 INFO L290 TraceCheckUtils]: 7: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {25244#true} is VALID [2022-02-20 18:04:49,469 INFO L272 TraceCheckUtils]: 8: Hoare triple {25244#true} call select_features_#t~ret6#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:49,469 INFO L290 TraceCheckUtils]: 9: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:49,469 INFO L290 TraceCheckUtils]: 10: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,469 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25244#true} {25244#true} #1735#return; {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L290 TraceCheckUtils]: 12: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L272 TraceCheckUtils]: 13: Hoare triple {25244#true} call select_features_#t~ret7#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L290 TraceCheckUtils]: 14: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L290 TraceCheckUtils]: 15: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25244#true} {25244#true} #1737#return; {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L290 TraceCheckUtils]: 17: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L272 TraceCheckUtils]: 18: Hoare triple {25244#true} call select_features_#t~ret8#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L290 TraceCheckUtils]: 19: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:49,470 INFO L290 TraceCheckUtils]: 20: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,471 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25244#true} {25244#true} #1739#return; {25244#true} is VALID [2022-02-20 18:04:49,471 INFO L290 TraceCheckUtils]: 22: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {25244#true} is VALID [2022-02-20 18:04:49,471 INFO L272 TraceCheckUtils]: 23: Hoare triple {25244#true} call select_features_#t~ret9#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:49,471 INFO L290 TraceCheckUtils]: 24: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:49,471 INFO L290 TraceCheckUtils]: 25: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,471 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25244#true} {25244#true} #1741#return; {25244#true} is VALID [2022-02-20 18:04:49,471 INFO L290 TraceCheckUtils]: 27: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {25244#true} is VALID [2022-02-20 18:04:49,471 INFO L272 TraceCheckUtils]: 28: Hoare triple {25244#true} call select_features_#t~ret10#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:49,472 INFO L290 TraceCheckUtils]: 29: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:49,472 INFO L290 TraceCheckUtils]: 30: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,472 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25244#true} {25244#true} #1743#return; {25244#true} is VALID [2022-02-20 18:04:49,472 INFO L290 TraceCheckUtils]: 32: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {25244#true} is VALID [2022-02-20 18:04:49,472 INFO L272 TraceCheckUtils]: 33: Hoare triple {25244#true} call select_features_#t~ret11#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:49,472 INFO L290 TraceCheckUtils]: 34: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:49,472 INFO L290 TraceCheckUtils]: 35: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,472 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25244#true} {25244#true} #1745#return; {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L290 TraceCheckUtils]: 37: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L272 TraceCheckUtils]: 38: Hoare triple {25244#true} call select_features_#t~ret12#1 := select_one(); {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L290 TraceCheckUtils]: 39: Hoare triple {25244#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L290 TraceCheckUtils]: 40: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25244#true} {25244#true} #1747#return; {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L290 TraceCheckUtils]: 42: Hoare triple {25244#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L290 TraceCheckUtils]: 43: Hoare triple {25244#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L290 TraceCheckUtils]: 44: Hoare triple {25244#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25244#true} is VALID [2022-02-20 18:04:49,473 INFO L290 TraceCheckUtils]: 45: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {25244#true} is VALID [2022-02-20 18:04:49,474 INFO L290 TraceCheckUtils]: 46: Hoare triple {25244#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {25244#true} is VALID [2022-02-20 18:04:49,474 INFO L290 TraceCheckUtils]: 47: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {25244#true} is VALID [2022-02-20 18:04:49,474 INFO L290 TraceCheckUtils]: 48: Hoare triple {25244#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25244#true} is VALID [2022-02-20 18:04:49,474 INFO L290 TraceCheckUtils]: 49: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25244#true} is VALID [2022-02-20 18:04:49,474 INFO L290 TraceCheckUtils]: 50: Hoare triple {25244#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25244#true} is VALID [2022-02-20 18:04:49,474 INFO L290 TraceCheckUtils]: 51: Hoare triple {25244#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25244#true} is VALID [2022-02-20 18:04:49,474 INFO L290 TraceCheckUtils]: 52: Hoare triple {25244#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25244#true} is VALID [2022-02-20 18:04:49,474 INFO L290 TraceCheckUtils]: 53: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {25244#true} is VALID [2022-02-20 18:04:49,475 INFO L290 TraceCheckUtils]: 54: Hoare triple {25244#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {25244#true} is VALID [2022-02-20 18:04:49,475 INFO L290 TraceCheckUtils]: 55: Hoare triple {25244#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {25244#true} is VALID [2022-02-20 18:04:49,475 INFO L290 TraceCheckUtils]: 56: Hoare triple {25244#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25244#true} is VALID [2022-02-20 18:04:49,475 INFO L290 TraceCheckUtils]: 57: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25244#true} is VALID [2022-02-20 18:04:49,475 INFO L272 TraceCheckUtils]: 58: Hoare triple {25244#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25244#true} is VALID [2022-02-20 18:04:49,475 INFO L290 TraceCheckUtils]: 59: Hoare triple {25244#true} ~bob___0 := #in~bob___0; {25244#true} is VALID [2022-02-20 18:04:49,475 INFO L272 TraceCheckUtils]: 60: Hoare triple {25244#true} call setClientId(~bob___0, ~bob___0); {25244#true} is VALID [2022-02-20 18:04:49,475 INFO L290 TraceCheckUtils]: 61: Hoare triple {25244#true} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:49,476 INFO L290 TraceCheckUtils]: 62: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:49,476 INFO L290 TraceCheckUtils]: 63: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,476 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25244#true} {25244#true} #1731#return; {25244#true} is VALID [2022-02-20 18:04:49,476 INFO L290 TraceCheckUtils]: 65: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,476 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25244#true} {25244#true} #1749#return; {25244#true} is VALID [2022-02-20 18:04:49,476 INFO L272 TraceCheckUtils]: 67: Hoare triple {25244#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25244#true} is VALID [2022-02-20 18:04:49,476 INFO L290 TraceCheckUtils]: 68: Hoare triple {25244#true} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:49,476 INFO L290 TraceCheckUtils]: 69: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L290 TraceCheckUtils]: 70: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25244#true} {25244#true} #1751#return; {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L290 TraceCheckUtils]: 72: Hoare triple {25244#true} assume { :end_inline_setup_bob__role__Keys } true; {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L290 TraceCheckUtils]: 73: Hoare triple {25244#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L290 TraceCheckUtils]: 74: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L272 TraceCheckUtils]: 75: Hoare triple {25244#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L290 TraceCheckUtils]: 76: Hoare triple {25244#true} ~rjh___0 := #in~rjh___0; {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L272 TraceCheckUtils]: 77: Hoare triple {25244#true} call setClientId(~rjh___0, ~rjh___0); {25244#true} is VALID [2022-02-20 18:04:49,477 INFO L290 TraceCheckUtils]: 78: Hoare triple {25244#true} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:49,478 INFO L290 TraceCheckUtils]: 79: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:49,478 INFO L290 TraceCheckUtils]: 80: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,478 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25244#true} {25244#true} #1683#return; {25244#true} is VALID [2022-02-20 18:04:49,478 INFO L290 TraceCheckUtils]: 82: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,478 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25244#true} {25244#true} #1755#return; {25244#true} is VALID [2022-02-20 18:04:49,478 INFO L272 TraceCheckUtils]: 84: Hoare triple {25244#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25244#true} is VALID [2022-02-20 18:04:49,478 INFO L290 TraceCheckUtils]: 85: Hoare triple {25244#true} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:49,478 INFO L290 TraceCheckUtils]: 86: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:49,479 INFO L290 TraceCheckUtils]: 87: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,479 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25244#true} {25244#true} #1757#return; {25244#true} is VALID [2022-02-20 18:04:49,479 INFO L290 TraceCheckUtils]: 89: Hoare triple {25244#true} assume { :end_inline_setup_rjh__role__Keys } true; {25244#true} is VALID [2022-02-20 18:04:49,479 INFO L290 TraceCheckUtils]: 90: Hoare triple {25244#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25244#true} is VALID [2022-02-20 18:04:49,479 INFO L290 TraceCheckUtils]: 91: Hoare triple {25244#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25244#true} is VALID [2022-02-20 18:04:49,479 INFO L272 TraceCheckUtils]: 92: Hoare triple {25244#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25244#true} is VALID [2022-02-20 18:04:49,479 INFO L290 TraceCheckUtils]: 93: Hoare triple {25244#true} ~chuck___0 := #in~chuck___0; {25244#true} is VALID [2022-02-20 18:04:49,479 INFO L272 TraceCheckUtils]: 94: Hoare triple {25244#true} call setClientId(~chuck___0, ~chuck___0); {25244#true} is VALID [2022-02-20 18:04:49,480 INFO L290 TraceCheckUtils]: 95: Hoare triple {25244#true} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:49,480 INFO L290 TraceCheckUtils]: 96: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:49,480 INFO L290 TraceCheckUtils]: 97: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,480 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25244#true} {25244#true} #1625#return; {25244#true} is VALID [2022-02-20 18:04:49,480 INFO L290 TraceCheckUtils]: 99: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,480 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25244#true} {25244#true} #1761#return; {25244#true} is VALID [2022-02-20 18:04:49,480 INFO L272 TraceCheckUtils]: 101: Hoare triple {25244#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25244#true} is VALID [2022-02-20 18:04:49,480 INFO L290 TraceCheckUtils]: 102: Hoare triple {25244#true} ~handle := #in~handle;~value := #in~value; {25244#true} is VALID [2022-02-20 18:04:49,481 INFO L290 TraceCheckUtils]: 103: Hoare triple {25244#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25244#true} is VALID [2022-02-20 18:04:49,481 INFO L290 TraceCheckUtils]: 104: Hoare triple {25244#true} assume true; {25244#true} is VALID [2022-02-20 18:04:49,481 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25244#true} {25244#true} #1763#return; {25244#true} is VALID [2022-02-20 18:04:49,481 INFO L290 TraceCheckUtils]: 106: Hoare triple {25244#true} assume { :end_inline_setup_chuck__role__Keys } true; {25244#true} is VALID [2022-02-20 18:04:49,481 INFO L290 TraceCheckUtils]: 107: Hoare triple {25244#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {25244#true} is VALID [2022-02-20 18:04:49,499 INFO L290 TraceCheckUtils]: 108: Hoare triple {25244#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25684#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:49,499 INFO L290 TraceCheckUtils]: 109: Hoare triple {25684#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {25684#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:49,500 INFO L290 TraceCheckUtils]: 110: Hoare triple {25684#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25684#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:49,500 INFO L290 TraceCheckUtils]: 111: Hoare triple {25684#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25684#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:04:49,500 INFO L290 TraceCheckUtils]: 112: Hoare triple {25684#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L290 TraceCheckUtils]: 113: Hoare triple {25245#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L290 TraceCheckUtils]: 114: Hoare triple {25245#false} assume 0 != test_~tmp___8~0#1; {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L290 TraceCheckUtils]: 115: Hoare triple {25245#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L290 TraceCheckUtils]: 116: Hoare triple {25245#false} test_~op2~0#1 := 1; {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L290 TraceCheckUtils]: 117: Hoare triple {25245#false} assume !false; {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L290 TraceCheckUtils]: 118: Hoare triple {25245#false} assume !(test_~splverifierCounter~0#1 < 4); {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L290 TraceCheckUtils]: 119: Hoare triple {25245#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L272 TraceCheckUtils]: 120: Hoare triple {25245#false} call sendEmail(~bob~0, ~rjh~0); {25245#false} is VALID [2022-02-20 18:04:49,501 INFO L290 TraceCheckUtils]: 121: Hoare triple {25245#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25245#false} is VALID [2022-02-20 18:04:49,502 INFO L272 TraceCheckUtils]: 122: Hoare triple {25245#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25245#false} is VALID [2022-02-20 18:04:49,502 INFO L290 TraceCheckUtils]: 123: Hoare triple {25245#false} ~handle := #in~handle;~value := #in~value; {25245#false} is VALID [2022-02-20 18:04:49,502 INFO L290 TraceCheckUtils]: 124: Hoare triple {25245#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25245#false} is VALID [2022-02-20 18:04:49,502 INFO L290 TraceCheckUtils]: 125: Hoare triple {25245#false} assume true; {25245#false} is VALID [2022-02-20 18:04:49,502 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25245#false} {25245#false} #1647#return; {25245#false} is VALID [2022-02-20 18:04:49,502 INFO L272 TraceCheckUtils]: 127: Hoare triple {25245#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25245#false} is VALID [2022-02-20 18:04:49,502 INFO L290 TraceCheckUtils]: 128: Hoare triple {25245#false} ~handle := #in~handle;~value := #in~value; {25245#false} is VALID [2022-02-20 18:04:49,502 INFO L290 TraceCheckUtils]: 129: Hoare triple {25245#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25245#false} is VALID [2022-02-20 18:04:49,503 INFO L290 TraceCheckUtils]: 130: Hoare triple {25245#false} assume true; {25245#false} is VALID [2022-02-20 18:04:49,503 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25245#false} {25245#false} #1649#return; {25245#false} is VALID [2022-02-20 18:04:49,503 INFO L290 TraceCheckUtils]: 132: Hoare triple {25245#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {25245#false} is VALID [2022-02-20 18:04:49,503 INFO L290 TraceCheckUtils]: 133: Hoare triple {25245#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {25245#false} is VALID [2022-02-20 18:04:49,503 INFO L272 TraceCheckUtils]: 134: Hoare triple {25245#false} call outgoing(~sender#1, ~email~0#1); {25245#false} is VALID [2022-02-20 18:04:49,503 INFO L290 TraceCheckUtils]: 135: Hoare triple {25245#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25245#false} is VALID [2022-02-20 18:04:49,503 INFO L290 TraceCheckUtils]: 136: Hoare triple {25245#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25245#false} is VALID [2022-02-20 18:04:49,503 INFO L272 TraceCheckUtils]: 137: Hoare triple {25245#false} call outgoing__before__Sign(~client#1, ~msg#1); {25245#false} is VALID [2022-02-20 18:04:49,504 INFO L290 TraceCheckUtils]: 138: Hoare triple {25245#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25245#false} is VALID [2022-02-20 18:04:49,504 INFO L290 TraceCheckUtils]: 139: Hoare triple {25245#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret83#1, outgoing__role__AddressBook_#t~ret84#1, outgoing__role__AddressBook_#t~ret85#1, outgoing__role__AddressBook_#t~ret86#1, outgoing__role__AddressBook_#t~ret87#1, outgoing__role__AddressBook_#t~ret88#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~16#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~16#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {25245#false} is VALID [2022-02-20 18:04:49,504 INFO L272 TraceCheckUtils]: 140: Hoare triple {25245#false} call outgoing__role__AddressBook_#t~ret83#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {25245#false} is VALID [2022-02-20 18:04:49,504 INFO L290 TraceCheckUtils]: 141: Hoare triple {25245#false} ~handle := #in~handle;havoc ~retValue_acc~9; {25245#false} is VALID [2022-02-20 18:04:49,504 INFO L290 TraceCheckUtils]: 142: Hoare triple {25245#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~9; {25245#false} is VALID [2022-02-20 18:04:49,504 INFO L290 TraceCheckUtils]: 143: Hoare triple {25245#false} assume true; {25245#false} is VALID [2022-02-20 18:04:49,504 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {25245#false} {25245#false} #1627#return; {25245#false} is VALID [2022-02-20 18:04:49,504 INFO L290 TraceCheckUtils]: 145: Hoare triple {25245#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret83#1 && outgoing__role__AddressBook_#t~ret83#1 <= 2147483647;outgoing__role__AddressBook_~tmp~16#1 := outgoing__role__AddressBook_#t~ret83#1;havoc outgoing__role__AddressBook_#t~ret83#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~16#1; {25245#false} is VALID [2022-02-20 18:04:49,505 INFO L290 TraceCheckUtils]: 146: Hoare triple {25245#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {25245#false} is VALID [2022-02-20 18:04:49,505 INFO L272 TraceCheckUtils]: 147: Hoare triple {25245#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {25245#false} is VALID [2022-02-20 18:04:49,505 INFO L290 TraceCheckUtils]: 148: Hoare triple {25245#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25245#false} is VALID [2022-02-20 18:04:49,505 INFO L290 TraceCheckUtils]: 149: Hoare triple {25245#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {25245#false} is VALID [2022-02-20 18:04:49,505 INFO L272 TraceCheckUtils]: 150: Hoare triple {25245#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {25245#false} is VALID [2022-02-20 18:04:49,505 INFO L290 TraceCheckUtils]: 151: Hoare triple {25245#false} ~handle := #in~handle;havoc ~retValue_acc~26; {25245#false} is VALID [2022-02-20 18:04:49,505 INFO L290 TraceCheckUtils]: 152: Hoare triple {25245#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {25245#false} is VALID [2022-02-20 18:04:49,505 INFO L290 TraceCheckUtils]: 153: Hoare triple {25245#false} assume true; {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25245#false} {25245#false} #1613#return; {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L290 TraceCheckUtils]: 155: Hoare triple {25245#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L272 TraceCheckUtils]: 156: Hoare triple {25245#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L290 TraceCheckUtils]: 157: Hoare triple {25245#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L290 TraceCheckUtils]: 158: Hoare triple {25245#false} assume 1 == ~handle; {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L290 TraceCheckUtils]: 159: Hoare triple {25245#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L290 TraceCheckUtils]: 160: Hoare triple {25245#false} assume true; {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {25245#false} {25245#false} #1615#return; {25245#false} is VALID [2022-02-20 18:04:49,506 INFO L290 TraceCheckUtils]: 162: Hoare triple {25245#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {25245#false} is VALID [2022-02-20 18:04:49,507 INFO L290 TraceCheckUtils]: 163: Hoare triple {25245#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {25245#false} is VALID [2022-02-20 18:04:49,507 INFO L272 TraceCheckUtils]: 164: Hoare triple {25245#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {25245#false} is VALID [2022-02-20 18:04:49,507 INFO L290 TraceCheckUtils]: 165: Hoare triple {25245#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {25245#false} is VALID [2022-02-20 18:04:49,507 INFO L290 TraceCheckUtils]: 166: Hoare triple {25245#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {25245#false} is VALID [2022-02-20 18:04:49,507 INFO L290 TraceCheckUtils]: 167: Hoare triple {25245#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {25245#false} is VALID [2022-02-20 18:04:49,507 INFO L272 TraceCheckUtils]: 168: Hoare triple {25245#false} call setEmailFrom(~msg#1, ~tmp~14#1); {25245#false} is VALID [2022-02-20 18:04:49,507 INFO L290 TraceCheckUtils]: 169: Hoare triple {25245#false} ~handle := #in~handle;~value := #in~value; {25245#false} is VALID [2022-02-20 18:04:49,507 INFO L290 TraceCheckUtils]: 170: Hoare triple {25245#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25245#false} is VALID [2022-02-20 18:04:49,508 INFO L290 TraceCheckUtils]: 171: Hoare triple {25245#false} assume true; {25245#false} is VALID [2022-02-20 18:04:49,508 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25245#false} {25245#false} #1659#return; {25245#false} is VALID [2022-02-20 18:04:49,508 INFO L290 TraceCheckUtils]: 173: Hoare triple {25245#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {25245#false} is VALID [2022-02-20 18:04:49,508 INFO L290 TraceCheckUtils]: 174: Hoare triple {25245#false} assume 0 != ~in_encrypted~0; {25245#false} is VALID [2022-02-20 18:04:49,508 INFO L272 TraceCheckUtils]: 175: Hoare triple {25245#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {25245#false} is VALID [2022-02-20 18:04:49,508 INFO L290 TraceCheckUtils]: 176: Hoare triple {25245#false} ~handle := #in~handle;havoc ~retValue_acc~29; {25245#false} is VALID [2022-02-20 18:04:49,508 INFO L290 TraceCheckUtils]: 177: Hoare triple {25245#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {25245#false} is VALID [2022-02-20 18:04:49,508 INFO L290 TraceCheckUtils]: 178: Hoare triple {25245#false} assume true; {25245#false} is VALID [2022-02-20 18:04:49,509 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {25245#false} {25245#false} #1661#return; {25245#false} is VALID [2022-02-20 18:04:49,509 INFO L290 TraceCheckUtils]: 180: Hoare triple {25245#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {25245#false} is VALID [2022-02-20 18:04:49,509 INFO L290 TraceCheckUtils]: 181: Hoare triple {25245#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {25245#false} is VALID [2022-02-20 18:04:49,509 INFO L290 TraceCheckUtils]: 182: Hoare triple {25245#false} assume !false; {25245#false} is VALID [2022-02-20 18:04:49,509 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:04:49,509 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:49,510 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1174408319] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:49,510 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:49,510 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:04:49,510 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1966084385] [2022-02-20 18:04:49,510 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:49,511 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 183 [2022-02-20 18:04:49,511 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:49,511 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:49,601 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 154 edges. 154 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:49,602 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:04:49,602 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:49,602 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:04:49,602 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:04:49,603 INFO L87 Difference]: Start difference. First operand 594 states and 852 transitions. Second operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:50,294 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:50,294 INFO L93 Difference]: Finished difference Result 1208 states and 1765 transitions. [2022-02-20 18:04:50,294 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:04:50,294 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 183 [2022-02-20 18:04:50,296 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:50,296 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:50,309 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1761 transitions. [2022-02-20 18:04:50,309 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:50,321 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1761 transitions. [2022-02-20 18:04:50,321 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1761 transitions. [2022-02-20 18:04:51,405 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1761 edges. 1761 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:51,428 INFO L225 Difference]: With dead ends: 1208 [2022-02-20 18:04:51,428 INFO L226 Difference]: Without dead ends: 692 [2022-02-20 18:04:51,429 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 236 GetRequests, 225 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:04:51,431 INFO L933 BasicCegarLoop]: 871 mSDtfsCounter, 165 mSDsluCounter, 799 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1670 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:51,431 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 1670 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:04:51,432 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 692 states. [2022-02-20 18:04:51,449 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 692 to 684. [2022-02-20 18:04:51,449 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:51,450 INFO L82 GeneralOperation]: Start isEquivalent. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:04:51,451 INFO L74 IsIncluded]: Start isIncluded. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:04:51,452 INFO L87 Difference]: Start difference. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:04:51,469 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:51,469 INFO L93 Difference]: Finished difference Result 692 states and 1007 transitions. [2022-02-20 18:04:51,469 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1007 transitions. [2022-02-20 18:04:51,471 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:51,471 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:51,472 INFO L74 IsIncluded]: Start isIncluded. First operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) Second operand 692 states. [2022-02-20 18:04:51,472 INFO L87 Difference]: Start difference. First operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) Second operand 692 states. [2022-02-20 18:04:51,490 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:51,490 INFO L93 Difference]: Finished difference Result 692 states and 1007 transitions. [2022-02-20 18:04:51,490 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1007 transitions. [2022-02-20 18:04:51,492 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:51,492 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:51,492 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:51,492 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:51,493 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:04:51,518 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 684 states to 684 states and 998 transitions. [2022-02-20 18:04:51,520 INFO L78 Accepts]: Start accepts. Automaton has 684 states and 998 transitions. Word has length 183 [2022-02-20 18:04:51,520 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:51,521 INFO L470 AbstractCegarLoop]: Abstraction has 684 states and 998 transitions. [2022-02-20 18:04:51,521 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:04:51,521 INFO L276 IsEmpty]: Start isEmpty. Operand 684 states and 998 transitions. [2022-02-20 18:04:51,523 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 178 [2022-02-20 18:04:51,523 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:51,523 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:51,543 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 18:04:51,739 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2022-02-20 18:04:51,740 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:51,740 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:51,740 INFO L85 PathProgramCache]: Analyzing trace with hash 1782549721, now seen corresponding path program 1 times [2022-02-20 18:04:51,740 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:51,740 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1967800595] [2022-02-20 18:04:51,740 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:51,740 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:51,787 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,808 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:51,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,811 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,811 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,811 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29895#true} {29895#true} #1733#return; {29895#true} is VALID [2022-02-20 18:04:51,811 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:51,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,814 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,814 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,814 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29895#true} {29895#true} #1735#return; {29895#true} is VALID [2022-02-20 18:04:51,814 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:51,815 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,816 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,816 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,816 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29895#true} {29895#true} #1737#return; {29895#true} is VALID [2022-02-20 18:04:51,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:51,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,819 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,819 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,819 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29895#true} {29895#true} #1739#return; {29895#true} is VALID [2022-02-20 18:04:51,820 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:51,821 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,825 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,825 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,825 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29895#true} {29895#true} #1741#return; {29895#true} is VALID [2022-02-20 18:04:51,825 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:51,826 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,827 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,828 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,828 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29895#true} {29895#true} #1743#return; {29895#true} is VALID [2022-02-20 18:04:51,828 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:51,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,830 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,830 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,830 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29895#true} {29895#true} #1745#return; {29895#true} is VALID [2022-02-20 18:04:51,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:51,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,833 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,833 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,833 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29895#true} {29895#true} #1747#return; {29895#true} is VALID [2022-02-20 18:04:51,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:51,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,840 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:51,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,842 INFO L290 TraceCheckUtils]: 0: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,842 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,842 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,842 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29895#true} #1731#return; {29895#true} is VALID [2022-02-20 18:04:51,842 INFO L290 TraceCheckUtils]: 0: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {29895#true} is VALID [2022-02-20 18:04:51,843 INFO L272 TraceCheckUtils]: 1: Hoare triple {29895#true} call setClientId(~bob___0, ~bob___0); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,843 INFO L290 TraceCheckUtils]: 2: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,843 INFO L290 TraceCheckUtils]: 3: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,843 INFO L290 TraceCheckUtils]: 4: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,843 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29895#true} {29895#true} #1731#return; {29895#true} is VALID [2022-02-20 18:04:51,843 INFO L290 TraceCheckUtils]: 6: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,843 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29895#true} {29895#true} #1749#return; {29895#true} is VALID [2022-02-20 18:04:51,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:04:51,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,850 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,850 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,850 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29895#true} #1751#return; {29895#true} is VALID [2022-02-20 18:04:51,850 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:04:51,851 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:51,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,877 INFO L290 TraceCheckUtils]: 0: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {29996#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29997#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:51,878 INFO L290 TraceCheckUtils]: 2: Hoare triple {29997#(= |setClientId_#in~handle| 1)} assume true; {29997#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:51,879 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29997#(= |setClientId_#in~handle| 1)} {29990#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:51,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {29990#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:51,880 INFO L272 TraceCheckUtils]: 1: Hoare triple {29990#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,881 INFO L290 TraceCheckUtils]: 3: Hoare triple {29996#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29997#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:51,881 INFO L290 TraceCheckUtils]: 4: Hoare triple {29997#(= |setClientId_#in~handle| 1)} assume true; {29997#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:51,882 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29997#(= |setClientId_#in~handle| 1)} {29990#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:51,882 INFO L290 TraceCheckUtils]: 6: Hoare triple {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:51,883 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {29934#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {29896#false} is VALID [2022-02-20 18:04:51,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:04:51,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,886 INFO L290 TraceCheckUtils]: 0: Hoare triple {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,886 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,887 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29896#false} #1757#return; {29896#false} is VALID [2022-02-20 18:04:51,887 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:04:51,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,890 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:51,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,892 INFO L290 TraceCheckUtils]: 0: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,892 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,892 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,892 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29895#true} #1625#return; {29895#true} is VALID [2022-02-20 18:04:51,892 INFO L290 TraceCheckUtils]: 0: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {29895#true} is VALID [2022-02-20 18:04:51,893 INFO L272 TraceCheckUtils]: 1: Hoare triple {29895#true} call setClientId(~chuck___0, ~chuck___0); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,893 INFO L290 TraceCheckUtils]: 2: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,893 INFO L290 TraceCheckUtils]: 3: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,893 INFO L290 TraceCheckUtils]: 4: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,893 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29895#true} {29895#true} #1625#return; {29895#true} is VALID [2022-02-20 18:04:51,893 INFO L290 TraceCheckUtils]: 6: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,893 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29895#true} {29896#false} #1761#return; {29896#false} is VALID [2022-02-20 18:04:51,894 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:04:51,895 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,896 INFO L290 TraceCheckUtils]: 0: Hoare triple {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,896 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,896 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,896 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29896#false} #1763#return; {29896#false} is VALID [2022-02-20 18:04:51,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:04:51,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,905 INFO L290 TraceCheckUtils]: 0: Hoare triple {30002#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,905 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,905 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,905 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29896#false} #1647#return; {29896#false} is VALID [2022-02-20 18:04:51,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:04:51,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {30003#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,914 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,915 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29896#false} #1649#return; {29896#false} is VALID [2022-02-20 18:04:51,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 18:04:51,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,918 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} ~handle := #in~handle;havoc ~retValue_acc~26; {29895#true} is VALID [2022-02-20 18:04:51,918 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {29895#true} is VALID [2022-02-20 18:04:51,918 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,918 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29896#false} #1613#return; {29896#false} is VALID [2022-02-20 18:04:51,918 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 18:04:51,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {29895#true} is VALID [2022-02-20 18:04:51,920 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle; {29895#true} is VALID [2022-02-20 18:04:51,920 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {29895#true} is VALID [2022-02-20 18:04:51,920 INFO L290 TraceCheckUtils]: 3: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,920 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29895#true} {29896#false} #1615#return; {29896#false} is VALID [2022-02-20 18:04:51,920 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-02-20 18:04:51,921 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,922 INFO L290 TraceCheckUtils]: 0: Hoare triple {30002#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,922 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,922 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,922 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29896#false} #1659#return; {29896#false} is VALID [2022-02-20 18:04:51,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-02-20 18:04:51,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:51,924 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} ~handle := #in~handle;havoc ~retValue_acc~29; {29895#true} is VALID [2022-02-20 18:04:51,924 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {29895#true} is VALID [2022-02-20 18:04:51,924 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,924 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29895#true} {29896#false} #1661#return; {29896#false} is VALID [2022-02-20 18:04:51,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {29895#true} is VALID [2022-02-20 18:04:51,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {29895#true} is VALID [2022-02-20 18:04:51,925 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {29895#true} is VALID [2022-02-20 18:04:51,925 INFO L272 TraceCheckUtils]: 3: Hoare triple {29895#true} call select_features_#t~ret5#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:51,925 INFO L290 TraceCheckUtils]: 4: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,925 INFO L290 TraceCheckUtils]: 5: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,925 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {29895#true} {29895#true} #1733#return; {29895#true} is VALID [2022-02-20 18:04:51,925 INFO L290 TraceCheckUtils]: 7: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L272 TraceCheckUtils]: 8: Hoare triple {29895#true} call select_features_#t~ret6#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L290 TraceCheckUtils]: 9: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L290 TraceCheckUtils]: 10: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {29895#true} {29895#true} #1735#return; {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L290 TraceCheckUtils]: 12: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L272 TraceCheckUtils]: 13: Hoare triple {29895#true} call select_features_#t~ret7#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L290 TraceCheckUtils]: 14: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L290 TraceCheckUtils]: 15: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,926 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29895#true} {29895#true} #1737#return; {29895#true} is VALID [2022-02-20 18:04:51,927 INFO L290 TraceCheckUtils]: 17: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {29895#true} is VALID [2022-02-20 18:04:51,927 INFO L272 TraceCheckUtils]: 18: Hoare triple {29895#true} call select_features_#t~ret8#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:51,927 INFO L290 TraceCheckUtils]: 19: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,927 INFO L290 TraceCheckUtils]: 20: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,927 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {29895#true} {29895#true} #1739#return; {29895#true} is VALID [2022-02-20 18:04:51,927 INFO L290 TraceCheckUtils]: 22: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {29895#true} is VALID [2022-02-20 18:04:51,927 INFO L272 TraceCheckUtils]: 23: Hoare triple {29895#true} call select_features_#t~ret9#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:51,927 INFO L290 TraceCheckUtils]: 24: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L290 TraceCheckUtils]: 25: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {29895#true} {29895#true} #1741#return; {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L290 TraceCheckUtils]: 27: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L272 TraceCheckUtils]: 28: Hoare triple {29895#true} call select_features_#t~ret10#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L290 TraceCheckUtils]: 29: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L290 TraceCheckUtils]: 30: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {29895#true} {29895#true} #1743#return; {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L290 TraceCheckUtils]: 32: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {29895#true} is VALID [2022-02-20 18:04:51,928 INFO L272 TraceCheckUtils]: 33: Hoare triple {29895#true} call select_features_#t~ret11#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L290 TraceCheckUtils]: 34: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L290 TraceCheckUtils]: 35: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {29895#true} {29895#true} #1745#return; {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L290 TraceCheckUtils]: 37: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L272 TraceCheckUtils]: 38: Hoare triple {29895#true} call select_features_#t~ret12#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L290 TraceCheckUtils]: 39: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L290 TraceCheckUtils]: 40: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {29895#true} {29895#true} #1747#return; {29895#true} is VALID [2022-02-20 18:04:51,929 INFO L290 TraceCheckUtils]: 42: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 43: Hoare triple {29895#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 44: Hoare triple {29895#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 45: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 46: Hoare triple {29895#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 47: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 48: Hoare triple {29895#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 49: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 50: Hoare triple {29895#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29895#true} is VALID [2022-02-20 18:04:51,930 INFO L290 TraceCheckUtils]: 51: Hoare triple {29895#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {29895#true} is VALID [2022-02-20 18:04:51,931 INFO L290 TraceCheckUtils]: 52: Hoare triple {29895#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29895#true} is VALID [2022-02-20 18:04:51,931 INFO L290 TraceCheckUtils]: 53: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {29895#true} is VALID [2022-02-20 18:04:51,931 INFO L290 TraceCheckUtils]: 54: Hoare triple {29895#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {29895#true} is VALID [2022-02-20 18:04:51,931 INFO L290 TraceCheckUtils]: 55: Hoare triple {29895#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {29895#true} is VALID [2022-02-20 18:04:51,931 INFO L290 TraceCheckUtils]: 56: Hoare triple {29895#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {29895#true} is VALID [2022-02-20 18:04:51,931 INFO L290 TraceCheckUtils]: 57: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {29895#true} is VALID [2022-02-20 18:04:51,932 INFO L272 TraceCheckUtils]: 58: Hoare triple {29895#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,932 INFO L290 TraceCheckUtils]: 59: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {29895#true} is VALID [2022-02-20 18:04:51,932 INFO L272 TraceCheckUtils]: 60: Hoare triple {29895#true} call setClientId(~bob___0, ~bob___0); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,933 INFO L290 TraceCheckUtils]: 61: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,933 INFO L290 TraceCheckUtils]: 62: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,933 INFO L290 TraceCheckUtils]: 63: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,933 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {29895#true} {29895#true} #1731#return; {29895#true} is VALID [2022-02-20 18:04:51,933 INFO L290 TraceCheckUtils]: 65: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,933 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {29895#true} {29895#true} #1749#return; {29895#true} is VALID [2022-02-20 18:04:51,934 INFO L272 TraceCheckUtils]: 67: Hoare triple {29895#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:51,934 INFO L290 TraceCheckUtils]: 68: Hoare triple {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,934 INFO L290 TraceCheckUtils]: 69: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,934 INFO L290 TraceCheckUtils]: 70: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,934 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29895#true} {29895#true} #1751#return; {29895#true} is VALID [2022-02-20 18:04:51,934 INFO L290 TraceCheckUtils]: 72: Hoare triple {29895#true} assume { :end_inline_setup_bob__role__Keys } true; {29895#true} is VALID [2022-02-20 18:04:51,935 INFO L290 TraceCheckUtils]: 73: Hoare triple {29895#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {29933#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:51,935 INFO L290 TraceCheckUtils]: 74: Hoare triple {29933#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {29934#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:04:51,935 INFO L272 TraceCheckUtils]: 75: Hoare triple {29934#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,936 INFO L290 TraceCheckUtils]: 76: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {29990#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:51,936 INFO L272 TraceCheckUtils]: 77: Hoare triple {29990#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,937 INFO L290 TraceCheckUtils]: 78: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29996#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:51,937 INFO L290 TraceCheckUtils]: 79: Hoare triple {29996#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29997#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:51,937 INFO L290 TraceCheckUtils]: 80: Hoare triple {29997#(= |setClientId_#in~handle| 1)} assume true; {29997#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:51,938 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {29997#(= |setClientId_#in~handle| 1)} {29990#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:51,938 INFO L290 TraceCheckUtils]: 82: Hoare triple {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:51,938 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {29995#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {29934#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {29896#false} is VALID [2022-02-20 18:04:51,939 INFO L272 TraceCheckUtils]: 84: Hoare triple {29896#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:51,939 INFO L290 TraceCheckUtils]: 85: Hoare triple {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,939 INFO L290 TraceCheckUtils]: 86: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,939 INFO L290 TraceCheckUtils]: 87: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,939 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {29895#true} {29896#false} #1757#return; {29896#false} is VALID [2022-02-20 18:04:51,939 INFO L290 TraceCheckUtils]: 89: Hoare triple {29896#false} assume { :end_inline_setup_rjh__role__Keys } true; {29896#false} is VALID [2022-02-20 18:04:51,939 INFO L290 TraceCheckUtils]: 90: Hoare triple {29896#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {29896#false} is VALID [2022-02-20 18:04:51,939 INFO L290 TraceCheckUtils]: 91: Hoare triple {29896#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {29896#false} is VALID [2022-02-20 18:04:51,939 INFO L272 TraceCheckUtils]: 92: Hoare triple {29896#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,940 INFO L290 TraceCheckUtils]: 93: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {29895#true} is VALID [2022-02-20 18:04:51,940 INFO L272 TraceCheckUtils]: 94: Hoare triple {29895#true} call setClientId(~chuck___0, ~chuck___0); {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:51,940 INFO L290 TraceCheckUtils]: 95: Hoare triple {29984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,940 INFO L290 TraceCheckUtils]: 96: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,940 INFO L290 TraceCheckUtils]: 97: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,941 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {29895#true} {29895#true} #1625#return; {29895#true} is VALID [2022-02-20 18:04:51,941 INFO L290 TraceCheckUtils]: 99: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,941 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29895#true} {29896#false} #1761#return; {29896#false} is VALID [2022-02-20 18:04:51,941 INFO L272 TraceCheckUtils]: 101: Hoare triple {29896#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:51,941 INFO L290 TraceCheckUtils]: 102: Hoare triple {29989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,941 INFO L290 TraceCheckUtils]: 103: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,941 INFO L290 TraceCheckUtils]: 104: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,941 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {29895#true} {29896#false} #1763#return; {29896#false} is VALID [2022-02-20 18:04:51,942 INFO L290 TraceCheckUtils]: 106: Hoare triple {29896#false} assume { :end_inline_setup_chuck__role__Keys } true; {29896#false} is VALID [2022-02-20 18:04:51,942 INFO L290 TraceCheckUtils]: 107: Hoare triple {29896#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {29896#false} is VALID [2022-02-20 18:04:51,942 INFO L290 TraceCheckUtils]: 108: Hoare triple {29896#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29896#false} is VALID [2022-02-20 18:04:51,942 INFO L290 TraceCheckUtils]: 109: Hoare triple {29896#false} assume !false; {29896#false} is VALID [2022-02-20 18:04:51,942 INFO L290 TraceCheckUtils]: 110: Hoare triple {29896#false} assume test_~splverifierCounter~0#1 < 4; {29896#false} is VALID [2022-02-20 18:04:51,942 INFO L290 TraceCheckUtils]: 111: Hoare triple {29896#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29896#false} is VALID [2022-02-20 18:04:51,943 INFO L290 TraceCheckUtils]: 112: Hoare triple {29896#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {29896#false} is VALID [2022-02-20 18:04:51,943 INFO L290 TraceCheckUtils]: 113: Hoare triple {29896#false} assume !(0 != test_~tmp___9~0#1); {29896#false} is VALID [2022-02-20 18:04:51,943 INFO L290 TraceCheckUtils]: 114: Hoare triple {29896#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {29896#false} is VALID [2022-02-20 18:04:51,943 INFO L290 TraceCheckUtils]: 115: Hoare triple {29896#false} assume 0 != test_~tmp___8~0#1; {29896#false} is VALID [2022-02-20 18:04:51,943 INFO L290 TraceCheckUtils]: 116: Hoare triple {29896#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {29896#false} is VALID [2022-02-20 18:04:51,944 INFO L290 TraceCheckUtils]: 117: Hoare triple {29896#false} test_~op2~0#1 := 1; {29896#false} is VALID [2022-02-20 18:04:51,944 INFO L290 TraceCheckUtils]: 118: Hoare triple {29896#false} assume !false; {29896#false} is VALID [2022-02-20 18:04:51,944 INFO L290 TraceCheckUtils]: 119: Hoare triple {29896#false} assume !(test_~splverifierCounter~0#1 < 4); {29896#false} is VALID [2022-02-20 18:04:51,944 INFO L290 TraceCheckUtils]: 120: Hoare triple {29896#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {29896#false} is VALID [2022-02-20 18:04:51,944 INFO L272 TraceCheckUtils]: 121: Hoare triple {29896#false} call sendEmail(~bob~0, ~rjh~0); {29896#false} is VALID [2022-02-20 18:04:51,944 INFO L290 TraceCheckUtils]: 122: Hoare triple {29896#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29896#false} is VALID [2022-02-20 18:04:51,944 INFO L272 TraceCheckUtils]: 123: Hoare triple {29896#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30002#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:51,944 INFO L290 TraceCheckUtils]: 124: Hoare triple {30002#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,944 INFO L290 TraceCheckUtils]: 125: Hoare triple {29895#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,945 INFO L290 TraceCheckUtils]: 126: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,945 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {29895#true} {29896#false} #1647#return; {29896#false} is VALID [2022-02-20 18:04:51,945 INFO L272 TraceCheckUtils]: 128: Hoare triple {29896#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30003#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:51,945 INFO L290 TraceCheckUtils]: 129: Hoare triple {30003#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,945 INFO L290 TraceCheckUtils]: 130: Hoare triple {29895#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,945 INFO L290 TraceCheckUtils]: 131: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,945 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {29895#true} {29896#false} #1649#return; {29896#false} is VALID [2022-02-20 18:04:51,945 INFO L290 TraceCheckUtils]: 133: Hoare triple {29896#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L290 TraceCheckUtils]: 134: Hoare triple {29896#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L272 TraceCheckUtils]: 135: Hoare triple {29896#false} call outgoing(~sender#1, ~email~0#1); {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L290 TraceCheckUtils]: 136: Hoare triple {29896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L290 TraceCheckUtils]: 137: Hoare triple {29896#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L272 TraceCheckUtils]: 138: Hoare triple {29896#false} call outgoing__before__Sign(~client#1, ~msg#1); {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L290 TraceCheckUtils]: 139: Hoare triple {29896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L290 TraceCheckUtils]: 140: Hoare triple {29896#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L272 TraceCheckUtils]: 141: Hoare triple {29896#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {29896#false} is VALID [2022-02-20 18:04:51,946 INFO L290 TraceCheckUtils]: 142: Hoare triple {29896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29896#false} is VALID [2022-02-20 18:04:51,947 INFO L290 TraceCheckUtils]: 143: Hoare triple {29896#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {29896#false} is VALID [2022-02-20 18:04:51,947 INFO L272 TraceCheckUtils]: 144: Hoare triple {29896#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {29895#true} is VALID [2022-02-20 18:04:51,947 INFO L290 TraceCheckUtils]: 145: Hoare triple {29895#true} ~handle := #in~handle;havoc ~retValue_acc~26; {29895#true} is VALID [2022-02-20 18:04:51,947 INFO L290 TraceCheckUtils]: 146: Hoare triple {29895#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {29895#true} is VALID [2022-02-20 18:04:51,947 INFO L290 TraceCheckUtils]: 147: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,947 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {29895#true} {29896#false} #1613#return; {29896#false} is VALID [2022-02-20 18:04:51,947 INFO L290 TraceCheckUtils]: 149: Hoare triple {29896#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {29896#false} is VALID [2022-02-20 18:04:51,947 INFO L272 TraceCheckUtils]: 150: Hoare triple {29896#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {29895#true} is VALID [2022-02-20 18:04:51,948 INFO L290 TraceCheckUtils]: 151: Hoare triple {29895#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {29895#true} is VALID [2022-02-20 18:04:51,948 INFO L290 TraceCheckUtils]: 152: Hoare triple {29895#true} assume 1 == ~handle; {29895#true} is VALID [2022-02-20 18:04:51,948 INFO L290 TraceCheckUtils]: 153: Hoare triple {29895#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {29895#true} is VALID [2022-02-20 18:04:51,948 INFO L290 TraceCheckUtils]: 154: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,948 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {29895#true} {29896#false} #1615#return; {29896#false} is VALID [2022-02-20 18:04:51,948 INFO L290 TraceCheckUtils]: 156: Hoare triple {29896#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {29896#false} is VALID [2022-02-20 18:04:51,948 INFO L290 TraceCheckUtils]: 157: Hoare triple {29896#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {29896#false} is VALID [2022-02-20 18:04:51,948 INFO L272 TraceCheckUtils]: 158: Hoare triple {29896#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {29896#false} is VALID [2022-02-20 18:04:51,948 INFO L290 TraceCheckUtils]: 159: Hoare triple {29896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {29896#false} is VALID [2022-02-20 18:04:51,949 INFO L290 TraceCheckUtils]: 160: Hoare triple {29896#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {29896#false} is VALID [2022-02-20 18:04:51,949 INFO L290 TraceCheckUtils]: 161: Hoare triple {29896#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {29896#false} is VALID [2022-02-20 18:04:51,949 INFO L272 TraceCheckUtils]: 162: Hoare triple {29896#false} call setEmailFrom(~msg#1, ~tmp~14#1); {30002#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:51,949 INFO L290 TraceCheckUtils]: 163: Hoare triple {30002#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:51,949 INFO L290 TraceCheckUtils]: 164: Hoare triple {29895#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:51,949 INFO L290 TraceCheckUtils]: 165: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,949 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {29895#true} {29896#false} #1659#return; {29896#false} is VALID [2022-02-20 18:04:51,949 INFO L290 TraceCheckUtils]: 167: Hoare triple {29896#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {29896#false} is VALID [2022-02-20 18:04:51,949 INFO L290 TraceCheckUtils]: 168: Hoare triple {29896#false} assume 0 != ~in_encrypted~0; {29896#false} is VALID [2022-02-20 18:04:51,950 INFO L272 TraceCheckUtils]: 169: Hoare triple {29896#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {29895#true} is VALID [2022-02-20 18:04:51,950 INFO L290 TraceCheckUtils]: 170: Hoare triple {29895#true} ~handle := #in~handle;havoc ~retValue_acc~29; {29895#true} is VALID [2022-02-20 18:04:51,950 INFO L290 TraceCheckUtils]: 171: Hoare triple {29895#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {29895#true} is VALID [2022-02-20 18:04:51,950 INFO L290 TraceCheckUtils]: 172: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:51,950 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {29895#true} {29896#false} #1661#return; {29896#false} is VALID [2022-02-20 18:04:51,950 INFO L290 TraceCheckUtils]: 174: Hoare triple {29896#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {29896#false} is VALID [2022-02-20 18:04:51,950 INFO L290 TraceCheckUtils]: 175: Hoare triple {29896#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {29896#false} is VALID [2022-02-20 18:04:51,950 INFO L290 TraceCheckUtils]: 176: Hoare triple {29896#false} assume !false; {29896#false} is VALID [2022-02-20 18:04:51,951 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 18:04:51,951 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:51,952 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1967800595] [2022-02-20 18:04:51,952 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1967800595] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:51,952 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [338428397] [2022-02-20 18:04:51,952 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:51,952 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:51,952 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:51,953 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:51,954 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:04:52,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:52,223 INFO L263 TraceCheckSpWp]: Trace formula consists of 1474 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 18:04:52,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:52,291 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:04:52,799 INFO L290 TraceCheckUtils]: 0: Hoare triple {29895#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {29895#true} is VALID [2022-02-20 18:04:52,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {29895#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {29895#true} is VALID [2022-02-20 18:04:52,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {29895#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {29895#true} is VALID [2022-02-20 18:04:52,800 INFO L272 TraceCheckUtils]: 3: Hoare triple {29895#true} call select_features_#t~ret5#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:52,800 INFO L290 TraceCheckUtils]: 4: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:52,800 INFO L290 TraceCheckUtils]: 5: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {29895#true} {29895#true} #1733#return; {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L290 TraceCheckUtils]: 7: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L272 TraceCheckUtils]: 8: Hoare triple {29895#true} call select_features_#t~ret6#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L290 TraceCheckUtils]: 9: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L290 TraceCheckUtils]: 10: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {29895#true} {29895#true} #1735#return; {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L290 TraceCheckUtils]: 12: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L272 TraceCheckUtils]: 13: Hoare triple {29895#true} call select_features_#t~ret7#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:52,801 INFO L290 TraceCheckUtils]: 14: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:52,802 INFO L290 TraceCheckUtils]: 15: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,802 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29895#true} {29895#true} #1737#return; {29895#true} is VALID [2022-02-20 18:04:52,802 INFO L290 TraceCheckUtils]: 17: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {29895#true} is VALID [2022-02-20 18:04:52,802 INFO L272 TraceCheckUtils]: 18: Hoare triple {29895#true} call select_features_#t~ret8#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:52,802 INFO L290 TraceCheckUtils]: 19: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:52,802 INFO L290 TraceCheckUtils]: 20: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,802 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {29895#true} {29895#true} #1739#return; {29895#true} is VALID [2022-02-20 18:04:52,802 INFO L290 TraceCheckUtils]: 22: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {29895#true} is VALID [2022-02-20 18:04:52,803 INFO L272 TraceCheckUtils]: 23: Hoare triple {29895#true} call select_features_#t~ret9#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:52,803 INFO L290 TraceCheckUtils]: 24: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:52,803 INFO L290 TraceCheckUtils]: 25: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,804 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {29895#true} {29895#true} #1741#return; {29895#true} is VALID [2022-02-20 18:04:52,804 INFO L290 TraceCheckUtils]: 27: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {29895#true} is VALID [2022-02-20 18:04:52,805 INFO L272 TraceCheckUtils]: 28: Hoare triple {29895#true} call select_features_#t~ret10#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:52,805 INFO L290 TraceCheckUtils]: 29: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:52,805 INFO L290 TraceCheckUtils]: 30: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,805 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {29895#true} {29895#true} #1743#return; {29895#true} is VALID [2022-02-20 18:04:52,805 INFO L290 TraceCheckUtils]: 32: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {29895#true} is VALID [2022-02-20 18:04:52,805 INFO L272 TraceCheckUtils]: 33: Hoare triple {29895#true} call select_features_#t~ret11#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:52,805 INFO L290 TraceCheckUtils]: 34: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L290 TraceCheckUtils]: 35: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {29895#true} {29895#true} #1745#return; {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L290 TraceCheckUtils]: 37: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L272 TraceCheckUtils]: 38: Hoare triple {29895#true} call select_features_#t~ret12#1 := select_one(); {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L290 TraceCheckUtils]: 39: Hoare triple {29895#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L290 TraceCheckUtils]: 40: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {29895#true} {29895#true} #1747#return; {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L290 TraceCheckUtils]: 42: Hoare triple {29895#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {29895#true} is VALID [2022-02-20 18:04:52,806 INFO L290 TraceCheckUtils]: 43: Hoare triple {29895#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {29895#true} is VALID [2022-02-20 18:04:52,807 INFO L290 TraceCheckUtils]: 44: Hoare triple {29895#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29895#true} is VALID [2022-02-20 18:04:52,807 INFO L290 TraceCheckUtils]: 45: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {29895#true} is VALID [2022-02-20 18:04:52,807 INFO L290 TraceCheckUtils]: 46: Hoare triple {29895#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {29895#true} is VALID [2022-02-20 18:04:52,807 INFO L290 TraceCheckUtils]: 47: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {29895#true} is VALID [2022-02-20 18:04:52,807 INFO L290 TraceCheckUtils]: 48: Hoare triple {29895#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29895#true} is VALID [2022-02-20 18:04:52,807 INFO L290 TraceCheckUtils]: 49: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {29895#true} is VALID [2022-02-20 18:04:52,807 INFO L290 TraceCheckUtils]: 50: Hoare triple {29895#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29895#true} is VALID [2022-02-20 18:04:52,807 INFO L290 TraceCheckUtils]: 51: Hoare triple {29895#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {29895#true} is VALID [2022-02-20 18:04:52,808 INFO L290 TraceCheckUtils]: 52: Hoare triple {29895#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29895#true} is VALID [2022-02-20 18:04:52,808 INFO L290 TraceCheckUtils]: 53: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {29895#true} is VALID [2022-02-20 18:04:52,808 INFO L290 TraceCheckUtils]: 54: Hoare triple {29895#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {29895#true} is VALID [2022-02-20 18:04:52,808 INFO L290 TraceCheckUtils]: 55: Hoare triple {29895#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {29895#true} is VALID [2022-02-20 18:04:52,808 INFO L290 TraceCheckUtils]: 56: Hoare triple {29895#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {29895#true} is VALID [2022-02-20 18:04:52,808 INFO L290 TraceCheckUtils]: 57: Hoare triple {29895#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {29895#true} is VALID [2022-02-20 18:04:52,808 INFO L272 TraceCheckUtils]: 58: Hoare triple {29895#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {29895#true} is VALID [2022-02-20 18:04:52,808 INFO L290 TraceCheckUtils]: 59: Hoare triple {29895#true} ~bob___0 := #in~bob___0; {29895#true} is VALID [2022-02-20 18:04:52,809 INFO L272 TraceCheckUtils]: 60: Hoare triple {29895#true} call setClientId(~bob___0, ~bob___0); {29895#true} is VALID [2022-02-20 18:04:52,809 INFO L290 TraceCheckUtils]: 61: Hoare triple {29895#true} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:52,809 INFO L290 TraceCheckUtils]: 62: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:52,809 INFO L290 TraceCheckUtils]: 63: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,809 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {29895#true} {29895#true} #1731#return; {29895#true} is VALID [2022-02-20 18:04:52,809 INFO L290 TraceCheckUtils]: 65: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,809 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {29895#true} {29895#true} #1749#return; {29895#true} is VALID [2022-02-20 18:04:52,809 INFO L272 TraceCheckUtils]: 67: Hoare triple {29895#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {29895#true} is VALID [2022-02-20 18:04:52,810 INFO L290 TraceCheckUtils]: 68: Hoare triple {29895#true} ~handle := #in~handle;~value := #in~value; {29895#true} is VALID [2022-02-20 18:04:52,810 INFO L290 TraceCheckUtils]: 69: Hoare triple {29895#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29895#true} is VALID [2022-02-20 18:04:52,810 INFO L290 TraceCheckUtils]: 70: Hoare triple {29895#true} assume true; {29895#true} is VALID [2022-02-20 18:04:52,810 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29895#true} {29895#true} #1751#return; {29895#true} is VALID [2022-02-20 18:04:52,810 INFO L290 TraceCheckUtils]: 72: Hoare triple {29895#true} assume { :end_inline_setup_bob__role__Keys } true; {29895#true} is VALID [2022-02-20 18:04:52,810 INFO L290 TraceCheckUtils]: 73: Hoare triple {29895#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {30226#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:52,811 INFO L290 TraceCheckUtils]: 74: Hoare triple {30226#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {30230#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:04:52,811 INFO L272 TraceCheckUtils]: 75: Hoare triple {30230#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {29895#true} is VALID [2022-02-20 18:04:52,811 INFO L290 TraceCheckUtils]: 76: Hoare triple {29895#true} ~rjh___0 := #in~rjh___0; {30237#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 18:04:52,811 INFO L272 TraceCheckUtils]: 77: Hoare triple {30237#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {29895#true} is VALID [2022-02-20 18:04:52,812 INFO L290 TraceCheckUtils]: 78: Hoare triple {29895#true} ~handle := #in~handle;~value := #in~value; {30244#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:04:52,812 INFO L290 TraceCheckUtils]: 79: Hoare triple {30244#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30248#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:52,812 INFO L290 TraceCheckUtils]: 80: Hoare triple {30248#(<= |setClientId_#in~handle| 1)} assume true; {30248#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:04:52,813 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30248#(<= |setClientId_#in~handle| 1)} {30237#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1683#return; {30255#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:52,813 INFO L290 TraceCheckUtils]: 82: Hoare triple {30255#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30255#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:04:52,814 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {30255#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30230#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1755#return; {29896#false} is VALID [2022-02-20 18:04:52,814 INFO L272 TraceCheckUtils]: 84: Hoare triple {29896#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {29896#false} is VALID [2022-02-20 18:04:52,814 INFO L290 TraceCheckUtils]: 85: Hoare triple {29896#false} ~handle := #in~handle;~value := #in~value; {29896#false} is VALID [2022-02-20 18:04:52,814 INFO L290 TraceCheckUtils]: 86: Hoare triple {29896#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29896#false} is VALID [2022-02-20 18:04:52,814 INFO L290 TraceCheckUtils]: 87: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,814 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {29896#false} {29896#false} #1757#return; {29896#false} is VALID [2022-02-20 18:04:52,814 INFO L290 TraceCheckUtils]: 89: Hoare triple {29896#false} assume { :end_inline_setup_rjh__role__Keys } true; {29896#false} is VALID [2022-02-20 18:04:52,814 INFO L290 TraceCheckUtils]: 90: Hoare triple {29896#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {29896#false} is VALID [2022-02-20 18:04:52,815 INFO L290 TraceCheckUtils]: 91: Hoare triple {29896#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {29896#false} is VALID [2022-02-20 18:04:52,815 INFO L272 TraceCheckUtils]: 92: Hoare triple {29896#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {29896#false} is VALID [2022-02-20 18:04:52,815 INFO L290 TraceCheckUtils]: 93: Hoare triple {29896#false} ~chuck___0 := #in~chuck___0; {29896#false} is VALID [2022-02-20 18:04:52,815 INFO L272 TraceCheckUtils]: 94: Hoare triple {29896#false} call setClientId(~chuck___0, ~chuck___0); {29896#false} is VALID [2022-02-20 18:04:52,815 INFO L290 TraceCheckUtils]: 95: Hoare triple {29896#false} ~handle := #in~handle;~value := #in~value; {29896#false} is VALID [2022-02-20 18:04:52,815 INFO L290 TraceCheckUtils]: 96: Hoare triple {29896#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29896#false} is VALID [2022-02-20 18:04:52,815 INFO L290 TraceCheckUtils]: 97: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,815 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {29896#false} {29896#false} #1625#return; {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L290 TraceCheckUtils]: 99: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29896#false} {29896#false} #1761#return; {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L272 TraceCheckUtils]: 101: Hoare triple {29896#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L290 TraceCheckUtils]: 102: Hoare triple {29896#false} ~handle := #in~handle;~value := #in~value; {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L290 TraceCheckUtils]: 103: Hoare triple {29896#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L290 TraceCheckUtils]: 104: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {29896#false} {29896#false} #1763#return; {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L290 TraceCheckUtils]: 106: Hoare triple {29896#false} assume { :end_inline_setup_chuck__role__Keys } true; {29896#false} is VALID [2022-02-20 18:04:52,816 INFO L290 TraceCheckUtils]: 107: Hoare triple {29896#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {29896#false} is VALID [2022-02-20 18:04:52,817 INFO L290 TraceCheckUtils]: 108: Hoare triple {29896#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29896#false} is VALID [2022-02-20 18:04:52,817 INFO L290 TraceCheckUtils]: 109: Hoare triple {29896#false} assume !false; {29896#false} is VALID [2022-02-20 18:04:52,817 INFO L290 TraceCheckUtils]: 110: Hoare triple {29896#false} assume test_~splverifierCounter~0#1 < 4; {29896#false} is VALID [2022-02-20 18:04:52,817 INFO L290 TraceCheckUtils]: 111: Hoare triple {29896#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29896#false} is VALID [2022-02-20 18:04:52,817 INFO L290 TraceCheckUtils]: 112: Hoare triple {29896#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {29896#false} is VALID [2022-02-20 18:04:52,817 INFO L290 TraceCheckUtils]: 113: Hoare triple {29896#false} assume !(0 != test_~tmp___9~0#1); {29896#false} is VALID [2022-02-20 18:04:52,817 INFO L290 TraceCheckUtils]: 114: Hoare triple {29896#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {29896#false} is VALID [2022-02-20 18:04:52,817 INFO L290 TraceCheckUtils]: 115: Hoare triple {29896#false} assume 0 != test_~tmp___8~0#1; {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L290 TraceCheckUtils]: 116: Hoare triple {29896#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L290 TraceCheckUtils]: 117: Hoare triple {29896#false} test_~op2~0#1 := 1; {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L290 TraceCheckUtils]: 118: Hoare triple {29896#false} assume !false; {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L290 TraceCheckUtils]: 119: Hoare triple {29896#false} assume !(test_~splverifierCounter~0#1 < 4); {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L290 TraceCheckUtils]: 120: Hoare triple {29896#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L272 TraceCheckUtils]: 121: Hoare triple {29896#false} call sendEmail(~bob~0, ~rjh~0); {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L290 TraceCheckUtils]: 122: Hoare triple {29896#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L272 TraceCheckUtils]: 123: Hoare triple {29896#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29896#false} is VALID [2022-02-20 18:04:52,818 INFO L290 TraceCheckUtils]: 124: Hoare triple {29896#false} ~handle := #in~handle;~value := #in~value; {29896#false} is VALID [2022-02-20 18:04:52,819 INFO L290 TraceCheckUtils]: 125: Hoare triple {29896#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29896#false} is VALID [2022-02-20 18:04:52,819 INFO L290 TraceCheckUtils]: 126: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,819 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {29896#false} {29896#false} #1647#return; {29896#false} is VALID [2022-02-20 18:04:52,819 INFO L272 TraceCheckUtils]: 128: Hoare triple {29896#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29896#false} is VALID [2022-02-20 18:04:52,819 INFO L290 TraceCheckUtils]: 129: Hoare triple {29896#false} ~handle := #in~handle;~value := #in~value; {29896#false} is VALID [2022-02-20 18:04:52,819 INFO L290 TraceCheckUtils]: 130: Hoare triple {29896#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29896#false} is VALID [2022-02-20 18:04:52,819 INFO L290 TraceCheckUtils]: 131: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,819 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {29896#false} {29896#false} #1649#return; {29896#false} is VALID [2022-02-20 18:04:52,820 INFO L290 TraceCheckUtils]: 133: Hoare triple {29896#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {29896#false} is VALID [2022-02-20 18:04:52,820 INFO L290 TraceCheckUtils]: 134: Hoare triple {29896#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {29896#false} is VALID [2022-02-20 18:04:52,820 INFO L272 TraceCheckUtils]: 135: Hoare triple {29896#false} call outgoing(~sender#1, ~email~0#1); {29896#false} is VALID [2022-02-20 18:04:52,820 INFO L290 TraceCheckUtils]: 136: Hoare triple {29896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29896#false} is VALID [2022-02-20 18:04:52,820 INFO L290 TraceCheckUtils]: 137: Hoare triple {29896#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {29896#false} is VALID [2022-02-20 18:04:52,820 INFO L272 TraceCheckUtils]: 138: Hoare triple {29896#false} call outgoing__before__Sign(~client#1, ~msg#1); {29896#false} is VALID [2022-02-20 18:04:52,820 INFO L290 TraceCheckUtils]: 139: Hoare triple {29896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29896#false} is VALID [2022-02-20 18:04:52,820 INFO L290 TraceCheckUtils]: 140: Hoare triple {29896#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L272 TraceCheckUtils]: 141: Hoare triple {29896#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L290 TraceCheckUtils]: 142: Hoare triple {29896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L290 TraceCheckUtils]: 143: Hoare triple {29896#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L272 TraceCheckUtils]: 144: Hoare triple {29896#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L290 TraceCheckUtils]: 145: Hoare triple {29896#false} ~handle := #in~handle;havoc ~retValue_acc~26; {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L290 TraceCheckUtils]: 146: Hoare triple {29896#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L290 TraceCheckUtils]: 147: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {29896#false} {29896#false} #1613#return; {29896#false} is VALID [2022-02-20 18:04:52,821 INFO L290 TraceCheckUtils]: 149: Hoare triple {29896#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {29896#false} is VALID [2022-02-20 18:04:52,822 INFO L272 TraceCheckUtils]: 150: Hoare triple {29896#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {29896#false} is VALID [2022-02-20 18:04:52,822 INFO L290 TraceCheckUtils]: 151: Hoare triple {29896#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {29896#false} is VALID [2022-02-20 18:04:52,822 INFO L290 TraceCheckUtils]: 152: Hoare triple {29896#false} assume 1 == ~handle; {29896#false} is VALID [2022-02-20 18:04:52,822 INFO L290 TraceCheckUtils]: 153: Hoare triple {29896#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {29896#false} is VALID [2022-02-20 18:04:52,822 INFO L290 TraceCheckUtils]: 154: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,822 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {29896#false} {29896#false} #1615#return; {29896#false} is VALID [2022-02-20 18:04:52,822 INFO L290 TraceCheckUtils]: 156: Hoare triple {29896#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {29896#false} is VALID [2022-02-20 18:04:52,822 INFO L290 TraceCheckUtils]: 157: Hoare triple {29896#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {29896#false} is VALID [2022-02-20 18:04:52,823 INFO L272 TraceCheckUtils]: 158: Hoare triple {29896#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {29896#false} is VALID [2022-02-20 18:04:52,823 INFO L290 TraceCheckUtils]: 159: Hoare triple {29896#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {29896#false} is VALID [2022-02-20 18:04:52,823 INFO L290 TraceCheckUtils]: 160: Hoare triple {29896#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {29896#false} is VALID [2022-02-20 18:04:52,823 INFO L290 TraceCheckUtils]: 161: Hoare triple {29896#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {29896#false} is VALID [2022-02-20 18:04:52,823 INFO L272 TraceCheckUtils]: 162: Hoare triple {29896#false} call setEmailFrom(~msg#1, ~tmp~14#1); {29896#false} is VALID [2022-02-20 18:04:52,823 INFO L290 TraceCheckUtils]: 163: Hoare triple {29896#false} ~handle := #in~handle;~value := #in~value; {29896#false} is VALID [2022-02-20 18:04:52,823 INFO L290 TraceCheckUtils]: 164: Hoare triple {29896#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L290 TraceCheckUtils]: 165: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {29896#false} {29896#false} #1659#return; {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L290 TraceCheckUtils]: 167: Hoare triple {29896#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L290 TraceCheckUtils]: 168: Hoare triple {29896#false} assume 0 != ~in_encrypted~0; {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L272 TraceCheckUtils]: 169: Hoare triple {29896#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L290 TraceCheckUtils]: 170: Hoare triple {29896#false} ~handle := #in~handle;havoc ~retValue_acc~29; {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L290 TraceCheckUtils]: 171: Hoare triple {29896#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L290 TraceCheckUtils]: 172: Hoare triple {29896#false} assume true; {29896#false} is VALID [2022-02-20 18:04:52,824 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {29896#false} {29896#false} #1661#return; {29896#false} is VALID [2022-02-20 18:04:52,825 INFO L290 TraceCheckUtils]: 174: Hoare triple {29896#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {29896#false} is VALID [2022-02-20 18:04:52,825 INFO L290 TraceCheckUtils]: 175: Hoare triple {29896#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {29896#false} is VALID [2022-02-20 18:04:52,825 INFO L290 TraceCheckUtils]: 176: Hoare triple {29896#false} assume !false; {29896#false} is VALID [2022-02-20 18:04:52,825 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 18:04:52,825 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:52,826 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [338428397] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:52,826 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:52,826 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [12] total 18 [2022-02-20 18:04:52,826 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1422302891] [2022-02-20 18:04:52,826 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:52,827 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 18:04:52,827 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:52,827 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:04:52,912 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 156 edges. 156 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:52,912 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:04:52,912 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:52,913 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:04:52,913 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=267, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:04:52,913 INFO L87 Difference]: Start difference. First operand 684 states and 998 transitions. Second operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:04:54,755 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:54,755 INFO L93 Difference]: Finished difference Result 1315 states and 1933 transitions. [2022-02-20 18:04:54,755 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:04:54,756 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 18:04:54,756 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:54,756 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:04:54,767 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1635 transitions. [2022-02-20 18:04:54,767 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:04:54,778 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1635 transitions. [2022-02-20 18:04:54,778 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 1635 transitions. [2022-02-20 18:04:55,450 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1635 edges. 1635 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:55,470 INFO L225 Difference]: With dead ends: 1315 [2022-02-20 18:04:55,471 INFO L226 Difference]: Without dead ends: 686 [2022-02-20 18:04:55,472 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 231 GetRequests, 212 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=51, Invalid=369, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:04:55,472 INFO L933 BasicCegarLoop]: 837 mSDtfsCounter, 363 mSDsluCounter, 4613 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 44 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 365 SdHoareTripleChecker+Valid, 5450 SdHoareTripleChecker+Invalid, 119 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 44 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:55,473 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [365 Valid, 5450 Invalid, 119 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [44 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:04:55,473 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 686 states. [2022-02-20 18:04:55,568 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 686 to 686. [2022-02-20 18:04:55,569 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:55,570 INFO L82 GeneralOperation]: Start isEquivalent. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:04:55,570 INFO L74 IsIncluded]: Start isIncluded. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:04:55,572 INFO L87 Difference]: Start difference. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:04:55,590 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:55,590 INFO L93 Difference]: Finished difference Result 686 states and 1001 transitions. [2022-02-20 18:04:55,590 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:04:55,591 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:55,592 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:55,593 INFO L74 IsIncluded]: Start isIncluded. First operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) Second operand 686 states. [2022-02-20 18:04:55,593 INFO L87 Difference]: Start difference. First operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) Second operand 686 states. [2022-02-20 18:04:55,611 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:55,612 INFO L93 Difference]: Finished difference Result 686 states and 1001 transitions. [2022-02-20 18:04:55,612 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:04:55,613 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:55,613 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:55,613 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:55,613 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:55,615 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:04:55,638 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 686 states to 686 states and 1001 transitions. [2022-02-20 18:04:55,638 INFO L78 Accepts]: Start accepts. Automaton has 686 states and 1001 transitions. Word has length 177 [2022-02-20 18:04:55,638 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:55,638 INFO L470 AbstractCegarLoop]: Abstraction has 686 states and 1001 transitions. [2022-02-20 18:04:55,639 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:04:55,639 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:04:55,640 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 179 [2022-02-20 18:04:55,641 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:55,641 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:55,664 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:55,865 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:55,865 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:55,865 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:55,866 INFO L85 PathProgramCache]: Analyzing trace with hash 555030901, now seen corresponding path program 1 times [2022-02-20 18:04:55,866 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:55,866 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1076621586] [2022-02-20 18:04:55,866 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:55,866 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:55,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,924 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:55,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,929 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:55,929 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,929 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34674#true} {34674#true} #1733#return; {34674#true} is VALID [2022-02-20 18:04:55,929 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:55,930 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:55,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,932 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34674#true} {34674#true} #1735#return; {34674#true} is VALID [2022-02-20 18:04:55,932 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:04:55,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,934 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:55,934 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,935 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34674#true} {34674#true} #1737#return; {34674#true} is VALID [2022-02-20 18:04:55,935 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:55,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:55,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,942 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34674#true} {34674#true} #1739#return; {34674#true} is VALID [2022-02-20 18:04:55,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:04:55,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:55,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,946 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34674#true} {34674#true} #1741#return; {34674#true} is VALID [2022-02-20 18:04:55,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:04:55,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:55,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,949 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34674#true} {34674#true} #1743#return; {34674#true} is VALID [2022-02-20 18:04:55,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:04:55,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:55,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,953 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34674#true} {34674#true} #1745#return; {34674#true} is VALID [2022-02-20 18:04:55,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:04:55,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:55,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,957 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34674#true} {34674#true} #1747#return; {34674#true} is VALID [2022-02-20 18:04:55,961 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:04:55,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:55,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:55,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:55,966 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,966 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34674#true} #1731#return; {34674#true} is VALID [2022-02-20 18:04:55,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {34674#true} is VALID [2022-02-20 18:04:55,967 INFO L272 TraceCheckUtils]: 1: Hoare triple {34674#true} call setClientId(~bob___0, ~bob___0); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:55,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:55,967 INFO L290 TraceCheckUtils]: 3: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:55,967 INFO L290 TraceCheckUtils]: 4: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,967 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34674#true} {34674#true} #1731#return; {34674#true} is VALID [2022-02-20 18:04:55,967 INFO L290 TraceCheckUtils]: 6: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,967 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {34674#true} {34674#true} #1749#return; {34674#true} is VALID [2022-02-20 18:04:55,974 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:04:55,975 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,977 INFO L290 TraceCheckUtils]: 0: Hoare triple {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:55,977 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:55,977 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:55,977 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34674#true} #1751#return; {34674#true} is VALID [2022-02-20 18:04:55,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:04:55,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:55,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:55,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {34776#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {34776#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34777#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,003 INFO L290 TraceCheckUtils]: 3: Hoare triple {34777#(= 2 |setClientId_#in~handle|)} assume true; {34777#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,003 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34777#(= 2 |setClientId_#in~handle|)} {34769#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:56,003 INFO L290 TraceCheckUtils]: 0: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {34769#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:56,004 INFO L272 TraceCheckUtils]: 1: Hoare triple {34769#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:56,004 INFO L290 TraceCheckUtils]: 2: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,005 INFO L290 TraceCheckUtils]: 3: Hoare triple {34776#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,005 INFO L290 TraceCheckUtils]: 4: Hoare triple {34776#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34777#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,005 INFO L290 TraceCheckUtils]: 5: Hoare triple {34777#(= 2 |setClientId_#in~handle|)} assume true; {34777#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,006 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34777#(= 2 |setClientId_#in~handle|)} {34769#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:56,006 INFO L290 TraceCheckUtils]: 7: Hoare triple {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:56,006 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {34674#true} #1755#return; {34721#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:56,006 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:04:56,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34778#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:56,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {34778#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34779#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:56,021 INFO L290 TraceCheckUtils]: 2: Hoare triple {34779#(= |setClientPrivateKey_#in~handle| 1)} assume true; {34779#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:56,022 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34779#(= |setClientPrivateKey_#in~handle| 1)} {34721#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1757#return; {34675#false} is VALID [2022-02-20 18:04:56,022 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:04:56,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:04:56,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,027 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34674#true} #1625#return; {34674#true} is VALID [2022-02-20 18:04:56,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {34674#true} is VALID [2022-02-20 18:04:56,028 INFO L272 TraceCheckUtils]: 1: Hoare triple {34674#true} call setClientId(~chuck___0, ~chuck___0); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:56,028 INFO L290 TraceCheckUtils]: 2: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,028 INFO L290 TraceCheckUtils]: 3: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,028 INFO L290 TraceCheckUtils]: 4: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,028 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34674#true} {34674#true} #1625#return; {34674#true} is VALID [2022-02-20 18:04:56,028 INFO L290 TraceCheckUtils]: 6: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,028 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {34674#true} {34675#false} #1761#return; {34675#false} is VALID [2022-02-20 18:04:56,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:04:56,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,031 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34675#false} #1763#return; {34675#false} is VALID [2022-02-20 18:04:56,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:04:56,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {34784#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,042 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34675#false} #1647#return; {34675#false} is VALID [2022-02-20 18:04:56,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:04:56,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,053 INFO L290 TraceCheckUtils]: 0: Hoare triple {34785#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,053 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,053 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,053 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34675#false} #1649#return; {34675#false} is VALID [2022-02-20 18:04:56,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 145 [2022-02-20 18:04:56,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,055 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} ~handle := #in~handle;havoc ~retValue_acc~26; {34674#true} is VALID [2022-02-20 18:04:56,055 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {34674#true} is VALID [2022-02-20 18:04:56,055 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,055 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34675#false} #1613#return; {34675#false} is VALID [2022-02-20 18:04:56,056 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 151 [2022-02-20 18:04:56,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,065 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {34674#true} is VALID [2022-02-20 18:04:56,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle; {34674#true} is VALID [2022-02-20 18:04:56,065 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {34674#true} is VALID [2022-02-20 18:04:56,065 INFO L290 TraceCheckUtils]: 3: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,065 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34674#true} {34675#false} #1615#return; {34675#false} is VALID [2022-02-20 18:04:56,066 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 18:04:56,066 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {34784#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,068 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34675#false} #1659#return; {34675#false} is VALID [2022-02-20 18:04:56,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 170 [2022-02-20 18:04:56,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} ~handle := #in~handle;havoc ~retValue_acc~29; {34674#true} is VALID [2022-02-20 18:04:56,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {34674#true} is VALID [2022-02-20 18:04:56,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,070 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34674#true} {34675#false} #1661#return; {34675#false} is VALID [2022-02-20 18:04:56,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {34674#true} is VALID [2022-02-20 18:04:56,070 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {34674#true} is VALID [2022-02-20 18:04:56,071 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {34674#true} is VALID [2022-02-20 18:04:56,071 INFO L272 TraceCheckUtils]: 3: Hoare triple {34674#true} call select_features_#t~ret5#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,071 INFO L290 TraceCheckUtils]: 4: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,071 INFO L290 TraceCheckUtils]: 5: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,071 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34674#true} {34674#true} #1733#return; {34674#true} is VALID [2022-02-20 18:04:56,071 INFO L290 TraceCheckUtils]: 7: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {34674#true} is VALID [2022-02-20 18:04:56,071 INFO L272 TraceCheckUtils]: 8: Hoare triple {34674#true} call select_features_#t~ret6#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,071 INFO L290 TraceCheckUtils]: 9: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L290 TraceCheckUtils]: 10: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {34674#true} {34674#true} #1735#return; {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L290 TraceCheckUtils]: 12: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L272 TraceCheckUtils]: 13: Hoare triple {34674#true} call select_features_#t~ret7#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L290 TraceCheckUtils]: 14: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L290 TraceCheckUtils]: 15: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34674#true} {34674#true} #1737#return; {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L290 TraceCheckUtils]: 17: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {34674#true} is VALID [2022-02-20 18:04:56,072 INFO L272 TraceCheckUtils]: 18: Hoare triple {34674#true} call select_features_#t~ret8#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L290 TraceCheckUtils]: 19: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L290 TraceCheckUtils]: 20: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34674#true} {34674#true} #1739#return; {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L290 TraceCheckUtils]: 22: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L272 TraceCheckUtils]: 23: Hoare triple {34674#true} call select_features_#t~ret9#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L290 TraceCheckUtils]: 24: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L290 TraceCheckUtils]: 25: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {34674#true} {34674#true} #1741#return; {34674#true} is VALID [2022-02-20 18:04:56,073 INFO L290 TraceCheckUtils]: 27: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L272 TraceCheckUtils]: 28: Hoare triple {34674#true} call select_features_#t~ret10#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L290 TraceCheckUtils]: 29: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L290 TraceCheckUtils]: 30: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {34674#true} {34674#true} #1743#return; {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L290 TraceCheckUtils]: 32: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L272 TraceCheckUtils]: 33: Hoare triple {34674#true} call select_features_#t~ret11#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L290 TraceCheckUtils]: 34: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L290 TraceCheckUtils]: 35: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,074 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {34674#true} {34674#true} #1745#return; {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L290 TraceCheckUtils]: 37: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L272 TraceCheckUtils]: 38: Hoare triple {34674#true} call select_features_#t~ret12#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L290 TraceCheckUtils]: 39: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L290 TraceCheckUtils]: 40: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {34674#true} {34674#true} #1747#return; {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L290 TraceCheckUtils]: 42: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L290 TraceCheckUtils]: 43: Hoare triple {34674#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L290 TraceCheckUtils]: 44: Hoare triple {34674#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34674#true} is VALID [2022-02-20 18:04:56,075 INFO L290 TraceCheckUtils]: 45: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 46: Hoare triple {34674#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 47: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 48: Hoare triple {34674#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 49: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 50: Hoare triple {34674#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 51: Hoare triple {34674#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 52: Hoare triple {34674#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 53: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {34674#true} is VALID [2022-02-20 18:04:56,076 INFO L290 TraceCheckUtils]: 54: Hoare triple {34674#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {34674#true} is VALID [2022-02-20 18:04:56,077 INFO L290 TraceCheckUtils]: 55: Hoare triple {34674#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {34674#true} is VALID [2022-02-20 18:04:56,077 INFO L290 TraceCheckUtils]: 56: Hoare triple {34674#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34674#true} is VALID [2022-02-20 18:04:56,077 INFO L290 TraceCheckUtils]: 57: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {34674#true} is VALID [2022-02-20 18:04:56,077 INFO L272 TraceCheckUtils]: 58: Hoare triple {34674#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:56,077 INFO L290 TraceCheckUtils]: 59: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {34674#true} is VALID [2022-02-20 18:04:56,078 INFO L272 TraceCheckUtils]: 60: Hoare triple {34674#true} call setClientId(~bob___0, ~bob___0); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:56,078 INFO L290 TraceCheckUtils]: 61: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,078 INFO L290 TraceCheckUtils]: 62: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,078 INFO L290 TraceCheckUtils]: 63: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,078 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {34674#true} {34674#true} #1731#return; {34674#true} is VALID [2022-02-20 18:04:56,079 INFO L290 TraceCheckUtils]: 65: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,079 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {34674#true} {34674#true} #1749#return; {34674#true} is VALID [2022-02-20 18:04:56,079 INFO L272 TraceCheckUtils]: 67: Hoare triple {34674#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:56,079 INFO L290 TraceCheckUtils]: 68: Hoare triple {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,079 INFO L290 TraceCheckUtils]: 69: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,080 INFO L290 TraceCheckUtils]: 70: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,080 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {34674#true} {34674#true} #1751#return; {34674#true} is VALID [2022-02-20 18:04:56,080 INFO L290 TraceCheckUtils]: 72: Hoare triple {34674#true} assume { :end_inline_setup_bob__role__Keys } true; {34674#true} is VALID [2022-02-20 18:04:56,080 INFO L290 TraceCheckUtils]: 73: Hoare triple {34674#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {34674#true} is VALID [2022-02-20 18:04:56,080 INFO L290 TraceCheckUtils]: 74: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {34674#true} is VALID [2022-02-20 18:04:56,080 INFO L272 TraceCheckUtils]: 75: Hoare triple {34674#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:56,081 INFO L290 TraceCheckUtils]: 76: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {34769#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:56,081 INFO L272 TraceCheckUtils]: 77: Hoare triple {34769#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:56,082 INFO L290 TraceCheckUtils]: 78: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,082 INFO L290 TraceCheckUtils]: 79: Hoare triple {34776#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34776#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,082 INFO L290 TraceCheckUtils]: 80: Hoare triple {34776#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34777#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,083 INFO L290 TraceCheckUtils]: 81: Hoare triple {34777#(= 2 |setClientId_#in~handle|)} assume true; {34777#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:56,083 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34777#(= 2 |setClientId_#in~handle|)} {34769#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:56,083 INFO L290 TraceCheckUtils]: 83: Hoare triple {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:04:56,084 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {34775#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {34674#true} #1755#return; {34721#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:04:56,084 INFO L272 TraceCheckUtils]: 85: Hoare triple {34721#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:56,084 INFO L290 TraceCheckUtils]: 86: Hoare triple {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34778#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:56,085 INFO L290 TraceCheckUtils]: 87: Hoare triple {34778#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34779#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:56,085 INFO L290 TraceCheckUtils]: 88: Hoare triple {34779#(= |setClientPrivateKey_#in~handle| 1)} assume true; {34779#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:56,085 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {34779#(= |setClientPrivateKey_#in~handle| 1)} {34721#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1757#return; {34675#false} is VALID [2022-02-20 18:04:56,086 INFO L290 TraceCheckUtils]: 90: Hoare triple {34675#false} assume { :end_inline_setup_rjh__role__Keys } true; {34675#false} is VALID [2022-02-20 18:04:56,086 INFO L290 TraceCheckUtils]: 91: Hoare triple {34675#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34675#false} is VALID [2022-02-20 18:04:56,086 INFO L290 TraceCheckUtils]: 92: Hoare triple {34675#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {34675#false} is VALID [2022-02-20 18:04:56,086 INFO L272 TraceCheckUtils]: 93: Hoare triple {34675#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:56,086 INFO L290 TraceCheckUtils]: 94: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {34674#true} is VALID [2022-02-20 18:04:56,087 INFO L272 TraceCheckUtils]: 95: Hoare triple {34674#true} call setClientId(~chuck___0, ~chuck___0); {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:56,087 INFO L290 TraceCheckUtils]: 96: Hoare triple {34763#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,087 INFO L290 TraceCheckUtils]: 97: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,087 INFO L290 TraceCheckUtils]: 98: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,087 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34674#true} {34674#true} #1625#return; {34674#true} is VALID [2022-02-20 18:04:56,087 INFO L290 TraceCheckUtils]: 100: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,087 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {34674#true} {34675#false} #1761#return; {34675#false} is VALID [2022-02-20 18:04:56,087 INFO L272 TraceCheckUtils]: 102: Hoare triple {34675#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:56,087 INFO L290 TraceCheckUtils]: 103: Hoare triple {34768#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,088 INFO L290 TraceCheckUtils]: 104: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,088 INFO L290 TraceCheckUtils]: 105: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,088 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34674#true} {34675#false} #1763#return; {34675#false} is VALID [2022-02-20 18:04:56,088 INFO L290 TraceCheckUtils]: 107: Hoare triple {34675#false} assume { :end_inline_setup_chuck__role__Keys } true; {34675#false} is VALID [2022-02-20 18:04:56,088 INFO L290 TraceCheckUtils]: 108: Hoare triple {34675#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {34675#false} is VALID [2022-02-20 18:04:56,088 INFO L290 TraceCheckUtils]: 109: Hoare triple {34675#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34675#false} is VALID [2022-02-20 18:04:56,088 INFO L290 TraceCheckUtils]: 110: Hoare triple {34675#false} assume !false; {34675#false} is VALID [2022-02-20 18:04:56,088 INFO L290 TraceCheckUtils]: 111: Hoare triple {34675#false} assume test_~splverifierCounter~0#1 < 4; {34675#false} is VALID [2022-02-20 18:04:56,088 INFO L290 TraceCheckUtils]: 112: Hoare triple {34675#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 113: Hoare triple {34675#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 114: Hoare triple {34675#false} assume !(0 != test_~tmp___9~0#1); {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 115: Hoare triple {34675#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 116: Hoare triple {34675#false} assume 0 != test_~tmp___8~0#1; {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 117: Hoare triple {34675#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 118: Hoare triple {34675#false} test_~op2~0#1 := 1; {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 119: Hoare triple {34675#false} assume !false; {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 120: Hoare triple {34675#false} assume !(test_~splverifierCounter~0#1 < 4); {34675#false} is VALID [2022-02-20 18:04:56,089 INFO L290 TraceCheckUtils]: 121: Hoare triple {34675#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {34675#false} is VALID [2022-02-20 18:04:56,090 INFO L272 TraceCheckUtils]: 122: Hoare triple {34675#false} call sendEmail(~bob~0, ~rjh~0); {34675#false} is VALID [2022-02-20 18:04:56,090 INFO L290 TraceCheckUtils]: 123: Hoare triple {34675#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34675#false} is VALID [2022-02-20 18:04:56,090 INFO L272 TraceCheckUtils]: 124: Hoare triple {34675#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34784#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:56,090 INFO L290 TraceCheckUtils]: 125: Hoare triple {34784#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,090 INFO L290 TraceCheckUtils]: 126: Hoare triple {34674#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,090 INFO L290 TraceCheckUtils]: 127: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,090 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {34674#true} {34675#false} #1647#return; {34675#false} is VALID [2022-02-20 18:04:56,090 INFO L272 TraceCheckUtils]: 129: Hoare triple {34675#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34785#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:56,091 INFO L290 TraceCheckUtils]: 130: Hoare triple {34785#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,091 INFO L290 TraceCheckUtils]: 131: Hoare triple {34674#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,091 INFO L290 TraceCheckUtils]: 132: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,091 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {34674#true} {34675#false} #1649#return; {34675#false} is VALID [2022-02-20 18:04:56,091 INFO L290 TraceCheckUtils]: 134: Hoare triple {34675#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {34675#false} is VALID [2022-02-20 18:04:56,091 INFO L290 TraceCheckUtils]: 135: Hoare triple {34675#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {34675#false} is VALID [2022-02-20 18:04:56,091 INFO L272 TraceCheckUtils]: 136: Hoare triple {34675#false} call outgoing(~sender#1, ~email~0#1); {34675#false} is VALID [2022-02-20 18:04:56,091 INFO L290 TraceCheckUtils]: 137: Hoare triple {34675#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34675#false} is VALID [2022-02-20 18:04:56,091 INFO L290 TraceCheckUtils]: 138: Hoare triple {34675#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {34675#false} is VALID [2022-02-20 18:04:56,092 INFO L272 TraceCheckUtils]: 139: Hoare triple {34675#false} call outgoing__before__Sign(~client#1, ~msg#1); {34675#false} is VALID [2022-02-20 18:04:56,092 INFO L290 TraceCheckUtils]: 140: Hoare triple {34675#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34675#false} is VALID [2022-02-20 18:04:56,092 INFO L290 TraceCheckUtils]: 141: Hoare triple {34675#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {34675#false} is VALID [2022-02-20 18:04:56,092 INFO L272 TraceCheckUtils]: 142: Hoare triple {34675#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {34675#false} is VALID [2022-02-20 18:04:56,092 INFO L290 TraceCheckUtils]: 143: Hoare triple {34675#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34675#false} is VALID [2022-02-20 18:04:56,092 INFO L290 TraceCheckUtils]: 144: Hoare triple {34675#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {34675#false} is VALID [2022-02-20 18:04:56,092 INFO L272 TraceCheckUtils]: 145: Hoare triple {34675#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {34674#true} is VALID [2022-02-20 18:04:56,092 INFO L290 TraceCheckUtils]: 146: Hoare triple {34674#true} ~handle := #in~handle;havoc ~retValue_acc~26; {34674#true} is VALID [2022-02-20 18:04:56,092 INFO L290 TraceCheckUtils]: 147: Hoare triple {34674#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {34674#true} is VALID [2022-02-20 18:04:56,093 INFO L290 TraceCheckUtils]: 148: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,093 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {34674#true} {34675#false} #1613#return; {34675#false} is VALID [2022-02-20 18:04:56,093 INFO L290 TraceCheckUtils]: 150: Hoare triple {34675#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {34675#false} is VALID [2022-02-20 18:04:56,093 INFO L272 TraceCheckUtils]: 151: Hoare triple {34675#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {34674#true} is VALID [2022-02-20 18:04:56,093 INFO L290 TraceCheckUtils]: 152: Hoare triple {34674#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {34674#true} is VALID [2022-02-20 18:04:56,093 INFO L290 TraceCheckUtils]: 153: Hoare triple {34674#true} assume 1 == ~handle; {34674#true} is VALID [2022-02-20 18:04:56,093 INFO L290 TraceCheckUtils]: 154: Hoare triple {34674#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {34674#true} is VALID [2022-02-20 18:04:56,093 INFO L290 TraceCheckUtils]: 155: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,093 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {34674#true} {34675#false} #1615#return; {34675#false} is VALID [2022-02-20 18:04:56,094 INFO L290 TraceCheckUtils]: 157: Hoare triple {34675#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {34675#false} is VALID [2022-02-20 18:04:56,094 INFO L290 TraceCheckUtils]: 158: Hoare triple {34675#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {34675#false} is VALID [2022-02-20 18:04:56,094 INFO L272 TraceCheckUtils]: 159: Hoare triple {34675#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {34675#false} is VALID [2022-02-20 18:04:56,094 INFO L290 TraceCheckUtils]: 160: Hoare triple {34675#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {34675#false} is VALID [2022-02-20 18:04:56,094 INFO L290 TraceCheckUtils]: 161: Hoare triple {34675#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {34675#false} is VALID [2022-02-20 18:04:56,094 INFO L290 TraceCheckUtils]: 162: Hoare triple {34675#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {34675#false} is VALID [2022-02-20 18:04:56,094 INFO L272 TraceCheckUtils]: 163: Hoare triple {34675#false} call setEmailFrom(~msg#1, ~tmp~14#1); {34784#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:56,094 INFO L290 TraceCheckUtils]: 164: Hoare triple {34784#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,094 INFO L290 TraceCheckUtils]: 165: Hoare triple {34674#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,095 INFO L290 TraceCheckUtils]: 166: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,095 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {34674#true} {34675#false} #1659#return; {34675#false} is VALID [2022-02-20 18:04:56,095 INFO L290 TraceCheckUtils]: 168: Hoare triple {34675#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {34675#false} is VALID [2022-02-20 18:04:56,095 INFO L290 TraceCheckUtils]: 169: Hoare triple {34675#false} assume 0 != ~in_encrypted~0; {34675#false} is VALID [2022-02-20 18:04:56,095 INFO L272 TraceCheckUtils]: 170: Hoare triple {34675#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {34674#true} is VALID [2022-02-20 18:04:56,095 INFO L290 TraceCheckUtils]: 171: Hoare triple {34674#true} ~handle := #in~handle;havoc ~retValue_acc~29; {34674#true} is VALID [2022-02-20 18:04:56,095 INFO L290 TraceCheckUtils]: 172: Hoare triple {34674#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {34674#true} is VALID [2022-02-20 18:04:56,095 INFO L290 TraceCheckUtils]: 173: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,096 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {34674#true} {34675#false} #1661#return; {34675#false} is VALID [2022-02-20 18:04:56,096 INFO L290 TraceCheckUtils]: 175: Hoare triple {34675#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {34675#false} is VALID [2022-02-20 18:04:56,096 INFO L290 TraceCheckUtils]: 176: Hoare triple {34675#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {34675#false} is VALID [2022-02-20 18:04:56,096 INFO L290 TraceCheckUtils]: 177: Hoare triple {34675#false} assume !false; {34675#false} is VALID [2022-02-20 18:04:56,096 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 102 trivial. 0 not checked. [2022-02-20 18:04:56,096 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:56,097 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1076621586] [2022-02-20 18:04:56,097 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1076621586] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:04:56,097 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [90513233] [2022-02-20 18:04:56,097 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:56,097 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:56,097 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:04:56,112 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:04:56,113 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:04:56,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,375 INFO L263 TraceCheckSpWp]: Trace formula consists of 1475 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:04:56,416 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:56,418 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:04:56,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {34674#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {34674#true} is VALID [2022-02-20 18:04:56,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {34674#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {34674#true} is VALID [2022-02-20 18:04:56,743 INFO L290 TraceCheckUtils]: 2: Hoare triple {34674#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {34674#true} is VALID [2022-02-20 18:04:56,743 INFO L272 TraceCheckUtils]: 3: Hoare triple {34674#true} call select_features_#t~ret5#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,744 INFO L290 TraceCheckUtils]: 4: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,744 INFO L290 TraceCheckUtils]: 5: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,744 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34674#true} {34674#true} #1733#return; {34674#true} is VALID [2022-02-20 18:04:56,745 INFO L290 TraceCheckUtils]: 7: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {34674#true} is VALID [2022-02-20 18:04:56,745 INFO L272 TraceCheckUtils]: 8: Hoare triple {34674#true} call select_features_#t~ret6#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,745 INFO L290 TraceCheckUtils]: 9: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,745 INFO L290 TraceCheckUtils]: 10: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,745 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {34674#true} {34674#true} #1735#return; {34674#true} is VALID [2022-02-20 18:04:56,745 INFO L290 TraceCheckUtils]: 12: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {34674#true} is VALID [2022-02-20 18:04:56,745 INFO L272 TraceCheckUtils]: 13: Hoare triple {34674#true} call select_features_#t~ret7#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,746 INFO L290 TraceCheckUtils]: 14: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,746 INFO L290 TraceCheckUtils]: 15: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,746 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34674#true} {34674#true} #1737#return; {34674#true} is VALID [2022-02-20 18:04:56,746 INFO L290 TraceCheckUtils]: 17: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {34674#true} is VALID [2022-02-20 18:04:56,746 INFO L272 TraceCheckUtils]: 18: Hoare triple {34674#true} call select_features_#t~ret8#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,746 INFO L290 TraceCheckUtils]: 19: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,746 INFO L290 TraceCheckUtils]: 20: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,747 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34674#true} {34674#true} #1739#return; {34674#true} is VALID [2022-02-20 18:04:56,747 INFO L290 TraceCheckUtils]: 22: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {34674#true} is VALID [2022-02-20 18:04:56,747 INFO L272 TraceCheckUtils]: 23: Hoare triple {34674#true} call select_features_#t~ret9#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,747 INFO L290 TraceCheckUtils]: 24: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,747 INFO L290 TraceCheckUtils]: 25: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,747 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {34674#true} {34674#true} #1741#return; {34674#true} is VALID [2022-02-20 18:04:56,747 INFO L290 TraceCheckUtils]: 27: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {34674#true} is VALID [2022-02-20 18:04:56,747 INFO L272 TraceCheckUtils]: 28: Hoare triple {34674#true} call select_features_#t~ret10#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,748 INFO L290 TraceCheckUtils]: 29: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,748 INFO L290 TraceCheckUtils]: 30: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,748 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {34674#true} {34674#true} #1743#return; {34674#true} is VALID [2022-02-20 18:04:56,748 INFO L290 TraceCheckUtils]: 32: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {34674#true} is VALID [2022-02-20 18:04:56,748 INFO L272 TraceCheckUtils]: 33: Hoare triple {34674#true} call select_features_#t~ret11#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,748 INFO L290 TraceCheckUtils]: 34: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,748 INFO L290 TraceCheckUtils]: 35: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,749 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {34674#true} {34674#true} #1745#return; {34674#true} is VALID [2022-02-20 18:04:56,749 INFO L290 TraceCheckUtils]: 37: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {34674#true} is VALID [2022-02-20 18:04:56,749 INFO L272 TraceCheckUtils]: 38: Hoare triple {34674#true} call select_features_#t~ret12#1 := select_one(); {34674#true} is VALID [2022-02-20 18:04:56,749 INFO L290 TraceCheckUtils]: 39: Hoare triple {34674#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {34674#true} is VALID [2022-02-20 18:04:56,749 INFO L290 TraceCheckUtils]: 40: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,749 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {34674#true} {34674#true} #1747#return; {34674#true} is VALID [2022-02-20 18:04:56,749 INFO L290 TraceCheckUtils]: 42: Hoare triple {34674#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {34674#true} is VALID [2022-02-20 18:04:56,749 INFO L290 TraceCheckUtils]: 43: Hoare triple {34674#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {34674#true} is VALID [2022-02-20 18:04:56,750 INFO L290 TraceCheckUtils]: 44: Hoare triple {34674#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34674#true} is VALID [2022-02-20 18:04:56,750 INFO L290 TraceCheckUtils]: 45: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {34674#true} is VALID [2022-02-20 18:04:56,750 INFO L290 TraceCheckUtils]: 46: Hoare triple {34674#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {34674#true} is VALID [2022-02-20 18:04:56,750 INFO L290 TraceCheckUtils]: 47: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {34674#true} is VALID [2022-02-20 18:04:56,750 INFO L290 TraceCheckUtils]: 48: Hoare triple {34674#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34674#true} is VALID [2022-02-20 18:04:56,750 INFO L290 TraceCheckUtils]: 49: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {34674#true} is VALID [2022-02-20 18:04:56,750 INFO L290 TraceCheckUtils]: 50: Hoare triple {34674#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34674#true} is VALID [2022-02-20 18:04:56,751 INFO L290 TraceCheckUtils]: 51: Hoare triple {34674#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {34674#true} is VALID [2022-02-20 18:04:56,751 INFO L290 TraceCheckUtils]: 52: Hoare triple {34674#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34674#true} is VALID [2022-02-20 18:04:56,751 INFO L290 TraceCheckUtils]: 53: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {34674#true} is VALID [2022-02-20 18:04:56,751 INFO L290 TraceCheckUtils]: 54: Hoare triple {34674#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {34674#true} is VALID [2022-02-20 18:04:56,751 INFO L290 TraceCheckUtils]: 55: Hoare triple {34674#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {34674#true} is VALID [2022-02-20 18:04:56,751 INFO L290 TraceCheckUtils]: 56: Hoare triple {34674#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34674#true} is VALID [2022-02-20 18:04:56,751 INFO L290 TraceCheckUtils]: 57: Hoare triple {34674#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {34674#true} is VALID [2022-02-20 18:04:56,752 INFO L272 TraceCheckUtils]: 58: Hoare triple {34674#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {34674#true} is VALID [2022-02-20 18:04:56,752 INFO L290 TraceCheckUtils]: 59: Hoare triple {34674#true} ~bob___0 := #in~bob___0; {34674#true} is VALID [2022-02-20 18:04:56,752 INFO L272 TraceCheckUtils]: 60: Hoare triple {34674#true} call setClientId(~bob___0, ~bob___0); {34674#true} is VALID [2022-02-20 18:04:56,752 INFO L290 TraceCheckUtils]: 61: Hoare triple {34674#true} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,752 INFO L290 TraceCheckUtils]: 62: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,752 INFO L290 TraceCheckUtils]: 63: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,752 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {34674#true} {34674#true} #1731#return; {34674#true} is VALID [2022-02-20 18:04:56,752 INFO L290 TraceCheckUtils]: 65: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,753 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {34674#true} {34674#true} #1749#return; {34674#true} is VALID [2022-02-20 18:04:56,753 INFO L272 TraceCheckUtils]: 67: Hoare triple {34674#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {34674#true} is VALID [2022-02-20 18:04:56,753 INFO L290 TraceCheckUtils]: 68: Hoare triple {34674#true} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,753 INFO L290 TraceCheckUtils]: 69: Hoare triple {34674#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,753 INFO L290 TraceCheckUtils]: 70: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,753 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {34674#true} {34674#true} #1751#return; {34674#true} is VALID [2022-02-20 18:04:56,753 INFO L290 TraceCheckUtils]: 72: Hoare triple {34674#true} assume { :end_inline_setup_bob__role__Keys } true; {34674#true} is VALID [2022-02-20 18:04:56,754 INFO L290 TraceCheckUtils]: 73: Hoare triple {34674#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {35008#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:04:56,754 INFO L290 TraceCheckUtils]: 74: Hoare triple {35008#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {35012#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:04:56,754 INFO L272 TraceCheckUtils]: 75: Hoare triple {35012#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {34674#true} is VALID [2022-02-20 18:04:56,755 INFO L290 TraceCheckUtils]: 76: Hoare triple {34674#true} ~rjh___0 := #in~rjh___0; {34674#true} is VALID [2022-02-20 18:04:56,755 INFO L272 TraceCheckUtils]: 77: Hoare triple {34674#true} call setClientId(~rjh___0, ~rjh___0); {34674#true} is VALID [2022-02-20 18:04:56,755 INFO L290 TraceCheckUtils]: 78: Hoare triple {34674#true} ~handle := #in~handle;~value := #in~value; {34674#true} is VALID [2022-02-20 18:04:56,755 INFO L290 TraceCheckUtils]: 79: Hoare triple {34674#true} assume !(1 == ~handle); {34674#true} is VALID [2022-02-20 18:04:56,755 INFO L290 TraceCheckUtils]: 80: Hoare triple {34674#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34674#true} is VALID [2022-02-20 18:04:56,755 INFO L290 TraceCheckUtils]: 81: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,755 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34674#true} {34674#true} #1683#return; {34674#true} is VALID [2022-02-20 18:04:56,755 INFO L290 TraceCheckUtils]: 83: Hoare triple {34674#true} assume true; {34674#true} is VALID [2022-02-20 18:04:56,756 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {34674#true} {35012#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1755#return; {35012#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:04:56,756 INFO L272 TraceCheckUtils]: 85: Hoare triple {35012#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {34674#true} is VALID [2022-02-20 18:04:56,756 INFO L290 TraceCheckUtils]: 86: Hoare triple {34674#true} ~handle := #in~handle;~value := #in~value; {35049#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:04:56,757 INFO L290 TraceCheckUtils]: 87: Hoare triple {35049#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35053#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:56,757 INFO L290 TraceCheckUtils]: 88: Hoare triple {35053#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {35053#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:56,758 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {35053#(<= |setClientPrivateKey_#in~handle| 1)} {35012#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1757#return; {34675#false} is VALID [2022-02-20 18:04:56,758 INFO L290 TraceCheckUtils]: 90: Hoare triple {34675#false} assume { :end_inline_setup_rjh__role__Keys } true; {34675#false} is VALID [2022-02-20 18:04:56,758 INFO L290 TraceCheckUtils]: 91: Hoare triple {34675#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34675#false} is VALID [2022-02-20 18:04:56,758 INFO L290 TraceCheckUtils]: 92: Hoare triple {34675#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {34675#false} is VALID [2022-02-20 18:04:56,758 INFO L272 TraceCheckUtils]: 93: Hoare triple {34675#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {34675#false} is VALID [2022-02-20 18:04:56,758 INFO L290 TraceCheckUtils]: 94: Hoare triple {34675#false} ~chuck___0 := #in~chuck___0; {34675#false} is VALID [2022-02-20 18:04:56,758 INFO L272 TraceCheckUtils]: 95: Hoare triple {34675#false} call setClientId(~chuck___0, ~chuck___0); {34675#false} is VALID [2022-02-20 18:04:56,759 INFO L290 TraceCheckUtils]: 96: Hoare triple {34675#false} ~handle := #in~handle;~value := #in~value; {34675#false} is VALID [2022-02-20 18:04:56,759 INFO L290 TraceCheckUtils]: 97: Hoare triple {34675#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34675#false} is VALID [2022-02-20 18:04:56,759 INFO L290 TraceCheckUtils]: 98: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,759 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34675#false} {34675#false} #1625#return; {34675#false} is VALID [2022-02-20 18:04:56,759 INFO L290 TraceCheckUtils]: 100: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,759 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {34675#false} {34675#false} #1761#return; {34675#false} is VALID [2022-02-20 18:04:56,760 INFO L272 TraceCheckUtils]: 102: Hoare triple {34675#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {34675#false} is VALID [2022-02-20 18:04:56,760 INFO L290 TraceCheckUtils]: 103: Hoare triple {34675#false} ~handle := #in~handle;~value := #in~value; {34675#false} is VALID [2022-02-20 18:04:56,760 INFO L290 TraceCheckUtils]: 104: Hoare triple {34675#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34675#false} is VALID [2022-02-20 18:04:56,760 INFO L290 TraceCheckUtils]: 105: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,760 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34675#false} {34675#false} #1763#return; {34675#false} is VALID [2022-02-20 18:04:56,760 INFO L290 TraceCheckUtils]: 107: Hoare triple {34675#false} assume { :end_inline_setup_chuck__role__Keys } true; {34675#false} is VALID [2022-02-20 18:04:56,760 INFO L290 TraceCheckUtils]: 108: Hoare triple {34675#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {34675#false} is VALID [2022-02-20 18:04:56,761 INFO L290 TraceCheckUtils]: 109: Hoare triple {34675#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34675#false} is VALID [2022-02-20 18:04:56,761 INFO L290 TraceCheckUtils]: 110: Hoare triple {34675#false} assume !false; {34675#false} is VALID [2022-02-20 18:04:56,761 INFO L290 TraceCheckUtils]: 111: Hoare triple {34675#false} assume test_~splverifierCounter~0#1 < 4; {34675#false} is VALID [2022-02-20 18:04:56,761 INFO L290 TraceCheckUtils]: 112: Hoare triple {34675#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34675#false} is VALID [2022-02-20 18:04:56,761 INFO L290 TraceCheckUtils]: 113: Hoare triple {34675#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {34675#false} is VALID [2022-02-20 18:04:56,761 INFO L290 TraceCheckUtils]: 114: Hoare triple {34675#false} assume !(0 != test_~tmp___9~0#1); {34675#false} is VALID [2022-02-20 18:04:56,761 INFO L290 TraceCheckUtils]: 115: Hoare triple {34675#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {34675#false} is VALID [2022-02-20 18:04:56,762 INFO L290 TraceCheckUtils]: 116: Hoare triple {34675#false} assume 0 != test_~tmp___8~0#1; {34675#false} is VALID [2022-02-20 18:04:56,762 INFO L290 TraceCheckUtils]: 117: Hoare triple {34675#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {34675#false} is VALID [2022-02-20 18:04:56,762 INFO L290 TraceCheckUtils]: 118: Hoare triple {34675#false} test_~op2~0#1 := 1; {34675#false} is VALID [2022-02-20 18:04:56,762 INFO L290 TraceCheckUtils]: 119: Hoare triple {34675#false} assume !false; {34675#false} is VALID [2022-02-20 18:04:56,762 INFO L290 TraceCheckUtils]: 120: Hoare triple {34675#false} assume !(test_~splverifierCounter~0#1 < 4); {34675#false} is VALID [2022-02-20 18:04:56,762 INFO L290 TraceCheckUtils]: 121: Hoare triple {34675#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {34675#false} is VALID [2022-02-20 18:04:56,762 INFO L272 TraceCheckUtils]: 122: Hoare triple {34675#false} call sendEmail(~bob~0, ~rjh~0); {34675#false} is VALID [2022-02-20 18:04:56,762 INFO L290 TraceCheckUtils]: 123: Hoare triple {34675#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34675#false} is VALID [2022-02-20 18:04:56,763 INFO L272 TraceCheckUtils]: 124: Hoare triple {34675#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34675#false} is VALID [2022-02-20 18:04:56,763 INFO L290 TraceCheckUtils]: 125: Hoare triple {34675#false} ~handle := #in~handle;~value := #in~value; {34675#false} is VALID [2022-02-20 18:04:56,763 INFO L290 TraceCheckUtils]: 126: Hoare triple {34675#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34675#false} is VALID [2022-02-20 18:04:56,763 INFO L290 TraceCheckUtils]: 127: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,763 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {34675#false} {34675#false} #1647#return; {34675#false} is VALID [2022-02-20 18:04:56,763 INFO L272 TraceCheckUtils]: 129: Hoare triple {34675#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34675#false} is VALID [2022-02-20 18:04:56,763 INFO L290 TraceCheckUtils]: 130: Hoare triple {34675#false} ~handle := #in~handle;~value := #in~value; {34675#false} is VALID [2022-02-20 18:04:56,764 INFO L290 TraceCheckUtils]: 131: Hoare triple {34675#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34675#false} is VALID [2022-02-20 18:04:56,764 INFO L290 TraceCheckUtils]: 132: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,764 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {34675#false} {34675#false} #1649#return; {34675#false} is VALID [2022-02-20 18:04:56,764 INFO L290 TraceCheckUtils]: 134: Hoare triple {34675#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {34675#false} is VALID [2022-02-20 18:04:56,764 INFO L290 TraceCheckUtils]: 135: Hoare triple {34675#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {34675#false} is VALID [2022-02-20 18:04:56,764 INFO L272 TraceCheckUtils]: 136: Hoare triple {34675#false} call outgoing(~sender#1, ~email~0#1); {34675#false} is VALID [2022-02-20 18:04:56,764 INFO L290 TraceCheckUtils]: 137: Hoare triple {34675#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34675#false} is VALID [2022-02-20 18:04:56,765 INFO L290 TraceCheckUtils]: 138: Hoare triple {34675#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {34675#false} is VALID [2022-02-20 18:04:56,765 INFO L272 TraceCheckUtils]: 139: Hoare triple {34675#false} call outgoing__before__Sign(~client#1, ~msg#1); {34675#false} is VALID [2022-02-20 18:04:56,765 INFO L290 TraceCheckUtils]: 140: Hoare triple {34675#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34675#false} is VALID [2022-02-20 18:04:56,765 INFO L290 TraceCheckUtils]: 141: Hoare triple {34675#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {34675#false} is VALID [2022-02-20 18:04:56,765 INFO L272 TraceCheckUtils]: 142: Hoare triple {34675#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {34675#false} is VALID [2022-02-20 18:04:56,765 INFO L290 TraceCheckUtils]: 143: Hoare triple {34675#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34675#false} is VALID [2022-02-20 18:04:56,765 INFO L290 TraceCheckUtils]: 144: Hoare triple {34675#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {34675#false} is VALID [2022-02-20 18:04:56,766 INFO L272 TraceCheckUtils]: 145: Hoare triple {34675#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {34675#false} is VALID [2022-02-20 18:04:56,766 INFO L290 TraceCheckUtils]: 146: Hoare triple {34675#false} ~handle := #in~handle;havoc ~retValue_acc~26; {34675#false} is VALID [2022-02-20 18:04:56,766 INFO L290 TraceCheckUtils]: 147: Hoare triple {34675#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {34675#false} is VALID [2022-02-20 18:04:56,766 INFO L290 TraceCheckUtils]: 148: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,766 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {34675#false} {34675#false} #1613#return; {34675#false} is VALID [2022-02-20 18:04:56,766 INFO L290 TraceCheckUtils]: 150: Hoare triple {34675#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {34675#false} is VALID [2022-02-20 18:04:56,766 INFO L272 TraceCheckUtils]: 151: Hoare triple {34675#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {34675#false} is VALID [2022-02-20 18:04:56,766 INFO L290 TraceCheckUtils]: 152: Hoare triple {34675#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {34675#false} is VALID [2022-02-20 18:04:56,767 INFO L290 TraceCheckUtils]: 153: Hoare triple {34675#false} assume 1 == ~handle; {34675#false} is VALID [2022-02-20 18:04:56,767 INFO L290 TraceCheckUtils]: 154: Hoare triple {34675#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {34675#false} is VALID [2022-02-20 18:04:56,767 INFO L290 TraceCheckUtils]: 155: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,767 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {34675#false} {34675#false} #1615#return; {34675#false} is VALID [2022-02-20 18:04:56,767 INFO L290 TraceCheckUtils]: 157: Hoare triple {34675#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {34675#false} is VALID [2022-02-20 18:04:56,767 INFO L290 TraceCheckUtils]: 158: Hoare triple {34675#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {34675#false} is VALID [2022-02-20 18:04:56,767 INFO L272 TraceCheckUtils]: 159: Hoare triple {34675#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {34675#false} is VALID [2022-02-20 18:04:56,768 INFO L290 TraceCheckUtils]: 160: Hoare triple {34675#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {34675#false} is VALID [2022-02-20 18:04:56,768 INFO L290 TraceCheckUtils]: 161: Hoare triple {34675#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {34675#false} is VALID [2022-02-20 18:04:56,768 INFO L290 TraceCheckUtils]: 162: Hoare triple {34675#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {34675#false} is VALID [2022-02-20 18:04:56,768 INFO L272 TraceCheckUtils]: 163: Hoare triple {34675#false} call setEmailFrom(~msg#1, ~tmp~14#1); {34675#false} is VALID [2022-02-20 18:04:56,768 INFO L290 TraceCheckUtils]: 164: Hoare triple {34675#false} ~handle := #in~handle;~value := #in~value; {34675#false} is VALID [2022-02-20 18:04:56,768 INFO L290 TraceCheckUtils]: 165: Hoare triple {34675#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34675#false} is VALID [2022-02-20 18:04:56,768 INFO L290 TraceCheckUtils]: 166: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,768 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {34675#false} {34675#false} #1659#return; {34675#false} is VALID [2022-02-20 18:04:56,769 INFO L290 TraceCheckUtils]: 168: Hoare triple {34675#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {34675#false} is VALID [2022-02-20 18:04:56,769 INFO L290 TraceCheckUtils]: 169: Hoare triple {34675#false} assume 0 != ~in_encrypted~0; {34675#false} is VALID [2022-02-20 18:04:56,769 INFO L272 TraceCheckUtils]: 170: Hoare triple {34675#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {34675#false} is VALID [2022-02-20 18:04:56,769 INFO L290 TraceCheckUtils]: 171: Hoare triple {34675#false} ~handle := #in~handle;havoc ~retValue_acc~29; {34675#false} is VALID [2022-02-20 18:04:56,769 INFO L290 TraceCheckUtils]: 172: Hoare triple {34675#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {34675#false} is VALID [2022-02-20 18:04:56,769 INFO L290 TraceCheckUtils]: 173: Hoare triple {34675#false} assume true; {34675#false} is VALID [2022-02-20 18:04:56,769 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {34675#false} {34675#false} #1661#return; {34675#false} is VALID [2022-02-20 18:04:56,770 INFO L290 TraceCheckUtils]: 175: Hoare triple {34675#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {34675#false} is VALID [2022-02-20 18:04:56,770 INFO L290 TraceCheckUtils]: 176: Hoare triple {34675#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {34675#false} is VALID [2022-02-20 18:04:56,770 INFO L290 TraceCheckUtils]: 177: Hoare triple {34675#false} assume !false; {34675#false} is VALID [2022-02-20 18:04:56,771 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 18:04:56,771 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:04:56,771 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [90513233] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:56,771 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:04:56,771 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [13] total 17 [2022-02-20 18:04:56,771 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [841319915] [2022-02-20 18:04:56,772 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:56,772 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) Word has length 178 [2022-02-20 18:04:56,772 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:56,773 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:04:56,857 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 158 edges. 158 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:56,857 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:04:56,858 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:56,858 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:04:56,858 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=238, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:04:56,871 INFO L87 Difference]: Start difference. First operand 686 states and 1001 transitions. Second operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:04:58,665 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:58,666 INFO L93 Difference]: Finished difference Result 1316 states and 1937 transitions. [2022-02-20 18:04:58,666 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:04:58,666 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) Word has length 178 [2022-02-20 18:04:58,667 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:58,667 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:04:58,678 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1633 transitions. [2022-02-20 18:04:58,679 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:04:58,719 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1633 transitions. [2022-02-20 18:04:58,719 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 1633 transitions. [2022-02-20 18:04:59,524 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1633 edges. 1633 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:59,546 INFO L225 Difference]: With dead ends: 1316 [2022-02-20 18:04:59,546 INFO L226 Difference]: Without dead ends: 688 [2022-02-20 18:04:59,548 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 231 GetRequests, 214 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=299, Unknown=0, NotChecked=0, Total=342 [2022-02-20 18:04:59,549 INFO L933 BasicCegarLoop]: 836 mSDtfsCounter, 361 mSDsluCounter, 2940 mSDsCounter, 0 mSdLazyCounter, 56 mSolverCounterSat, 47 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 361 SdHoareTripleChecker+Valid, 3776 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 47 IncrementalHoareTripleChecker+Valid, 56 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:59,550 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [361 Valid, 3776 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [47 Valid, 56 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:04:59,551 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 688 states. [2022-02-20 18:04:59,638 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 688 to 688. [2022-02-20 18:04:59,638 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:59,640 INFO L82 GeneralOperation]: Start isEquivalent. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:04:59,641 INFO L74 IsIncluded]: Start isIncluded. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:04:59,642 INFO L87 Difference]: Start difference. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:04:59,660 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:59,660 INFO L93 Difference]: Finished difference Result 688 states and 1007 transitions. [2022-02-20 18:04:59,660 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:04:59,662 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:59,662 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:59,663 INFO L74 IsIncluded]: Start isIncluded. First operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) Second operand 688 states. [2022-02-20 18:04:59,664 INFO L87 Difference]: Start difference. First operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) Second operand 688 states. [2022-02-20 18:04:59,685 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:59,685 INFO L93 Difference]: Finished difference Result 688 states and 1007 transitions. [2022-02-20 18:04:59,686 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:04:59,687 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:59,687 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:59,687 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:59,687 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:59,689 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:04:59,716 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 688 states to 688 states and 1007 transitions. [2022-02-20 18:04:59,717 INFO L78 Accepts]: Start accepts. Automaton has 688 states and 1007 transitions. Word has length 178 [2022-02-20 18:04:59,717 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:59,717 INFO L470 AbstractCegarLoop]: Abstraction has 688 states and 1007 transitions. [2022-02-20 18:04:59,717 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:04:59,717 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:04:59,721 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 187 [2022-02-20 18:04:59,721 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:59,721 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:59,757 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:04:59,939 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:04:59,940 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:59,940 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:59,940 INFO L85 PathProgramCache]: Analyzing trace with hash -354789448, now seen corresponding path program 1 times [2022-02-20 18:04:59,940 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:59,940 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [238310434] [2022-02-20 18:04:59,940 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:59,941 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:59,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:59,993 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:04:59,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:59,996 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:04:59,996 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:04:59,997 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39461#true} {39461#true} #1733#return; {39461#true} is VALID [2022-02-20 18:04:59,997 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:04:59,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,002 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39461#true} {39461#true} #1735#return; {39461#true} is VALID [2022-02-20 18:05:00,002 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:05:00,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,005 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,005 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,006 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39461#true} {39461#true} #1737#return; {39461#true} is VALID [2022-02-20 18:05:00,006 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:00,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,008 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,008 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,008 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39461#true} {39461#true} #1739#return; {39461#true} is VALID [2022-02-20 18:05:00,009 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:05:00,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,011 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39461#true} {39461#true} #1741#return; {39461#true} is VALID [2022-02-20 18:05:00,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:05:00,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,015 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39461#true} {39461#true} #1743#return; {39461#true} is VALID [2022-02-20 18:05:00,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:05:00,016 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,018 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39461#true} {39461#true} #1745#return; {39461#true} is VALID [2022-02-20 18:05:00,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:05:00,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,021 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39461#true} {39461#true} #1747#return; {39461#true} is VALID [2022-02-20 18:05:00,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:05:00,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:00,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,030 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39461#true} #1731#return; {39461#true} is VALID [2022-02-20 18:05:00,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {39461#true} is VALID [2022-02-20 18:05:00,031 INFO L272 TraceCheckUtils]: 1: Hoare triple {39461#true} call setClientId(~bob___0, ~bob___0); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,031 INFO L290 TraceCheckUtils]: 3: Hoare triple {39461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,031 INFO L290 TraceCheckUtils]: 4: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,032 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {39461#true} {39461#true} #1731#return; {39461#true} is VALID [2022-02-20 18:05:00,032 INFO L290 TraceCheckUtils]: 6: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,032 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {39461#true} {39461#true} #1749#return; {39461#true} is VALID [2022-02-20 18:05:00,037 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:05:00,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,040 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39461#true} #1751#return; {39461#true} is VALID [2022-02-20 18:05:00,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:05:00,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:00,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume !(1 == ~handle); {39461#true} is VALID [2022-02-20 18:05:00,044 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,044 INFO L290 TraceCheckUtils]: 3: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,044 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39461#true} {39461#true} #1683#return; {39461#true} is VALID [2022-02-20 18:05:00,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {39461#true} is VALID [2022-02-20 18:05:00,045 INFO L272 TraceCheckUtils]: 1: Hoare triple {39461#true} call setClientId(~rjh___0, ~rjh___0); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,045 INFO L290 TraceCheckUtils]: 3: Hoare triple {39461#true} assume !(1 == ~handle); {39461#true} is VALID [2022-02-20 18:05:00,045 INFO L290 TraceCheckUtils]: 4: Hoare triple {39461#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,045 INFO L290 TraceCheckUtils]: 5: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,045 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {39461#true} {39461#true} #1683#return; {39461#true} is VALID [2022-02-20 18:05:00,046 INFO L290 TraceCheckUtils]: 7: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,046 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {39461#true} {39461#true} #1755#return; {39461#true} is VALID [2022-02-20 18:05:00,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:05:00,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume !(1 == ~handle); {39461#true} is VALID [2022-02-20 18:05:00,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,048 INFO L290 TraceCheckUtils]: 3: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,049 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39461#true} {39461#true} #1757#return; {39461#true} is VALID [2022-02-20 18:05:00,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:05:00,051 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:00,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39573#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:00,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {39573#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:00,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {39574#(= |setClientId_#in~handle| 1)} assume true; {39574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:00,082 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39574#(= |setClientId_#in~handle| 1)} {39567#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1625#return; {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:05:00,082 INFO L290 TraceCheckUtils]: 0: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {39567#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 18:05:00,083 INFO L272 TraceCheckUtils]: 1: Hoare triple {39567#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39573#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:00,083 INFO L290 TraceCheckUtils]: 3: Hoare triple {39573#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:00,084 INFO L290 TraceCheckUtils]: 4: Hoare triple {39574#(= |setClientId_#in~handle| 1)} assume true; {39574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:00,084 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {39574#(= |setClientId_#in~handle| 1)} {39567#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1625#return; {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:05:00,084 INFO L290 TraceCheckUtils]: 6: Hoare triple {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:05:00,085 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {39514#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} #1761#return; {39462#false} is VALID [2022-02-20 18:05:00,085 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:05:00,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,089 INFO L290 TraceCheckUtils]: 0: Hoare triple {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,089 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,089 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,089 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39462#false} #1763#return; {39462#false} is VALID [2022-02-20 18:05:00,096 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:05:00,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,100 INFO L290 TraceCheckUtils]: 0: Hoare triple {39575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,101 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,101 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39462#false} #1647#return; {39462#false} is VALID [2022-02-20 18:05:00,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 18:05:00,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {39576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,110 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39462#false} #1649#return; {39462#false} is VALID [2022-02-20 18:05:00,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 18:05:00,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,112 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} ~handle := #in~handle;havoc ~retValue_acc~9; {39461#true} is VALID [2022-02-20 18:05:00,112 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~9; {39461#true} is VALID [2022-02-20 18:05:00,112 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,113 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39462#false} #1627#return; {39462#false} is VALID [2022-02-20 18:05:00,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 18:05:00,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} ~handle := #in~handle;havoc ~retValue_acc~26; {39461#true} is VALID [2022-02-20 18:05:00,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {39461#true} is VALID [2022-02-20 18:05:00,115 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,115 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39462#false} #1613#return; {39462#false} is VALID [2022-02-20 18:05:00,115 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 159 [2022-02-20 18:05:00,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,118 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {39461#true} is VALID [2022-02-20 18:05:00,118 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle; {39461#true} is VALID [2022-02-20 18:05:00,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {39461#true} is VALID [2022-02-20 18:05:00,118 INFO L290 TraceCheckUtils]: 3: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,118 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39461#true} {39462#false} #1615#return; {39462#false} is VALID [2022-02-20 18:05:00,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 171 [2022-02-20 18:05:00,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,120 INFO L290 TraceCheckUtils]: 0: Hoare triple {39575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,120 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,120 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,121 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39462#false} #1659#return; {39462#false} is VALID [2022-02-20 18:05:00,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 178 [2022-02-20 18:05:00,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:00,122 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} ~handle := #in~handle;havoc ~retValue_acc~29; {39461#true} is VALID [2022-02-20 18:05:00,122 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {39461#true} is VALID [2022-02-20 18:05:00,123 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,123 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {39461#true} {39462#false} #1661#return; {39462#false} is VALID [2022-02-20 18:05:00,123 INFO L290 TraceCheckUtils]: 0: Hoare triple {39461#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(30, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(21, 7);call #Ultimate.allocInit(30, 8);call #Ultimate.allocInit(9, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(30, 11);call #Ultimate.allocInit(9, 12);call #Ultimate.allocInit(25, 13);call #Ultimate.allocInit(30, 14);call #Ultimate.allocInit(9, 15);call #Ultimate.allocInit(25, 16);call #Ultimate.allocInit(17, 17);call #Ultimate.allocInit(17, 18);call #Ultimate.allocInit(13, 19);call #Ultimate.allocInit(17, 20);call #Ultimate.allocInit(10, 21);call #Ultimate.allocInit(12, 22);call #Ultimate.allocInit(10, 23);call #Ultimate.allocInit(18, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(21, 26);call #Ultimate.allocInit(13, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(34, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(20, 34);call #Ultimate.allocInit(22, 35);call #Ultimate.allocInit(21, 36);call #Ultimate.allocInit(44, 37);call #Ultimate.allocInit(44, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(9, 40);call #Ultimate.allocInit(11, 41);call #Ultimate.allocInit(19, 42);call #Ultimate.allocInit(4, 43);call write~init~int(37, 43, 0, 1);call write~init~int(100, 43, 1, 1);call write~init~int(10, 43, 2, 1);call write~init~int(0, 43, 3, 1);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(100, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {39461#true} is VALID [2022-02-20 18:05:00,123 INFO L290 TraceCheckUtils]: 1: Hoare triple {39461#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret117#1, main_~retValue_acc~44#1, main_~tmp~26#1;havoc main_~retValue_acc~44#1;havoc main_~tmp~26#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {39461#true} is VALID [2022-02-20 18:05:00,123 INFO L290 TraceCheckUtils]: 2: Hoare triple {39461#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret5#1, select_features_#t~ret6#1, select_features_#t~ret7#1, select_features_#t~ret8#1, select_features_#t~ret9#1, select_features_#t~ret10#1, select_features_#t~ret11#1, select_features_#t~ret12#1; {39461#true} is VALID [2022-02-20 18:05:00,123 INFO L272 TraceCheckUtils]: 3: Hoare triple {39461#true} call select_features_#t~ret5#1 := select_one(); {39461#true} is VALID [2022-02-20 18:05:00,123 INFO L290 TraceCheckUtils]: 4: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,123 INFO L290 TraceCheckUtils]: 5: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {39461#true} {39461#true} #1733#return; {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L290 TraceCheckUtils]: 7: Hoare triple {39461#true} assume -2147483648 <= select_features_#t~ret5#1 && select_features_#t~ret5#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret5#1;havoc select_features_#t~ret5#1; {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L272 TraceCheckUtils]: 8: Hoare triple {39461#true} call select_features_#t~ret6#1 := select_one(); {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L290 TraceCheckUtils]: 9: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L290 TraceCheckUtils]: 10: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {39461#true} {39461#true} #1735#return; {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L290 TraceCheckUtils]: 12: Hoare triple {39461#true} assume -2147483648 <= select_features_#t~ret6#1 && select_features_#t~ret6#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret6#1;havoc select_features_#t~ret6#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L272 TraceCheckUtils]: 13: Hoare triple {39461#true} call select_features_#t~ret7#1 := select_one(); {39461#true} is VALID [2022-02-20 18:05:00,124 INFO L290 TraceCheckUtils]: 14: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L290 TraceCheckUtils]: 15: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {39461#true} {39461#true} #1737#return; {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L290 TraceCheckUtils]: 17: Hoare triple {39461#true} assume -2147483648 <= select_features_#t~ret7#1 && select_features_#t~ret7#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret7#1;havoc select_features_#t~ret7#1; {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L272 TraceCheckUtils]: 18: Hoare triple {39461#true} call select_features_#t~ret8#1 := select_one(); {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L290 TraceCheckUtils]: 19: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L290 TraceCheckUtils]: 20: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {39461#true} {39461#true} #1739#return; {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L290 TraceCheckUtils]: 22: Hoare triple {39461#true} assume -2147483648 <= select_features_#t~ret8#1 && select_features_#t~ret8#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret8#1;havoc select_features_#t~ret8#1; {39461#true} is VALID [2022-02-20 18:05:00,125 INFO L272 TraceCheckUtils]: 23: Hoare triple {39461#true} call select_features_#t~ret9#1 := select_one(); {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L290 TraceCheckUtils]: 24: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L290 TraceCheckUtils]: 25: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {39461#true} {39461#true} #1741#return; {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L290 TraceCheckUtils]: 27: Hoare triple {39461#true} assume -2147483648 <= select_features_#t~ret9#1 && select_features_#t~ret9#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret9#1;havoc select_features_#t~ret9#1; {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L272 TraceCheckUtils]: 28: Hoare triple {39461#true} call select_features_#t~ret10#1 := select_one(); {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L290 TraceCheckUtils]: 29: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L290 TraceCheckUtils]: 30: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {39461#true} {39461#true} #1743#return; {39461#true} is VALID [2022-02-20 18:05:00,126 INFO L290 TraceCheckUtils]: 32: Hoare triple {39461#true} assume -2147483648 <= select_features_#t~ret10#1 && select_features_#t~ret10#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret10#1;havoc select_features_#t~ret10#1; {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L272 TraceCheckUtils]: 33: Hoare triple {39461#true} call select_features_#t~ret11#1 := select_one(); {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L290 TraceCheckUtils]: 34: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L290 TraceCheckUtils]: 35: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {39461#true} {39461#true} #1745#return; {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L290 TraceCheckUtils]: 37: Hoare triple {39461#true} assume -2147483648 <= select_features_#t~ret11#1 && select_features_#t~ret11#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret11#1;havoc select_features_#t~ret11#1; {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L272 TraceCheckUtils]: 38: Hoare triple {39461#true} call select_features_#t~ret12#1 := select_one(); {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L290 TraceCheckUtils]: 39: Hoare triple {39461#true} havoc ~retValue_acc~0;assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647;~choice~0 := #t~nondet4;havoc #t~nondet4;~retValue_acc~0 := ~choice~0;#res := ~retValue_acc~0; {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L290 TraceCheckUtils]: 40: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,127 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {39461#true} {39461#true} #1747#return; {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 42: Hoare triple {39461#true} assume -2147483648 <= select_features_#t~ret12#1 && select_features_#t~ret12#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret12#1;havoc select_features_#t~ret12#1; {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 43: Hoare triple {39461#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1, valid_product_~tmp~0#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~tmp~0#1; {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 44: Hoare triple {39461#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 45: Hoare triple {39461#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 46: Hoare triple {39461#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 47: Hoare triple {39461#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 48: Hoare triple {39461#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 49: Hoare triple {39461#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {39461#true} is VALID [2022-02-20 18:05:00,128 INFO L290 TraceCheckUtils]: 50: Hoare triple {39461#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {39461#true} is VALID [2022-02-20 18:05:00,129 INFO L290 TraceCheckUtils]: 51: Hoare triple {39461#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {39461#true} is VALID [2022-02-20 18:05:00,129 INFO L290 TraceCheckUtils]: 52: Hoare triple {39461#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {39461#true} is VALID [2022-02-20 18:05:00,129 INFO L290 TraceCheckUtils]: 53: Hoare triple {39461#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~0#1 := 1; {39461#true} is VALID [2022-02-20 18:05:00,129 INFO L290 TraceCheckUtils]: 54: Hoare triple {39461#true} valid_product_~retValue_acc~1#1 := valid_product_~tmp~0#1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {39461#true} is VALID [2022-02-20 18:05:00,129 INFO L290 TraceCheckUtils]: 55: Hoare triple {39461#true} main_#t~ret117#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret117#1 && main_#t~ret117#1 <= 2147483647;main_~tmp~26#1 := main_#t~ret117#1;havoc main_#t~ret117#1; {39461#true} is VALID [2022-02-20 18:05:00,129 INFO L290 TraceCheckUtils]: 56: Hoare triple {39461#true} assume 0 != main_~tmp~26#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet114#1, setup_#t~nondet115#1, setup_#t~nondet116#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {39461#true} is VALID [2022-02-20 18:05:00,129 INFO L290 TraceCheckUtils]: 57: Hoare triple {39461#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {39461#true} is VALID [2022-02-20 18:05:00,134 INFO L272 TraceCheckUtils]: 58: Hoare triple {39461#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,134 INFO L290 TraceCheckUtils]: 59: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {39461#true} is VALID [2022-02-20 18:05:00,135 INFO L272 TraceCheckUtils]: 60: Hoare triple {39461#true} call setClientId(~bob___0, ~bob___0); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,135 INFO L290 TraceCheckUtils]: 61: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,135 INFO L290 TraceCheckUtils]: 62: Hoare triple {39461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,135 INFO L290 TraceCheckUtils]: 63: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,135 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {39461#true} {39461#true} #1731#return; {39461#true} is VALID [2022-02-20 18:05:00,135 INFO L290 TraceCheckUtils]: 65: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,136 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {39461#true} {39461#true} #1749#return; {39461#true} is VALID [2022-02-20 18:05:00,136 INFO L272 TraceCheckUtils]: 67: Hoare triple {39461#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:00,136 INFO L290 TraceCheckUtils]: 68: Hoare triple {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,136 INFO L290 TraceCheckUtils]: 69: Hoare triple {39461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,136 INFO L290 TraceCheckUtils]: 70: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,137 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {39461#true} {39461#true} #1751#return; {39461#true} is VALID [2022-02-20 18:05:00,137 INFO L290 TraceCheckUtils]: 72: Hoare triple {39461#true} assume { :end_inline_setup_bob__role__Keys } true; {39461#true} is VALID [2022-02-20 18:05:00,137 INFO L290 TraceCheckUtils]: 73: Hoare triple {39461#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 39, 0;havoc setup_#t~nondet114#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {39461#true} is VALID [2022-02-20 18:05:00,137 INFO L290 TraceCheckUtils]: 74: Hoare triple {39461#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {39461#true} is VALID [2022-02-20 18:05:00,137 INFO L272 TraceCheckUtils]: 75: Hoare triple {39461#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,138 INFO L290 TraceCheckUtils]: 76: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {39461#true} is VALID [2022-02-20 18:05:00,138 INFO L272 TraceCheckUtils]: 77: Hoare triple {39461#true} call setClientId(~rjh___0, ~rjh___0); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,138 INFO L290 TraceCheckUtils]: 78: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,138 INFO L290 TraceCheckUtils]: 79: Hoare triple {39461#true} assume !(1 == ~handle); {39461#true} is VALID [2022-02-20 18:05:00,138 INFO L290 TraceCheckUtils]: 80: Hoare triple {39461#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,139 INFO L290 TraceCheckUtils]: 81: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,139 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {39461#true} {39461#true} #1683#return; {39461#true} is VALID [2022-02-20 18:05:00,139 INFO L290 TraceCheckUtils]: 83: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,139 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {39461#true} {39461#true} #1755#return; {39461#true} is VALID [2022-02-20 18:05:00,139 INFO L272 TraceCheckUtils]: 85: Hoare triple {39461#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:00,139 INFO L290 TraceCheckUtils]: 86: Hoare triple {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,140 INFO L290 TraceCheckUtils]: 87: Hoare triple {39461#true} assume !(1 == ~handle); {39461#true} is VALID [2022-02-20 18:05:00,140 INFO L290 TraceCheckUtils]: 88: Hoare triple {39461#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,140 INFO L290 TraceCheckUtils]: 89: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,140 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {39461#true} {39461#true} #1757#return; {39461#true} is VALID [2022-02-20 18:05:00,140 INFO L290 TraceCheckUtils]: 91: Hoare triple {39461#true} assume { :end_inline_setup_rjh__role__Keys } true; {39461#true} is VALID [2022-02-20 18:05:00,140 INFO L290 TraceCheckUtils]: 92: Hoare triple {39461#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 40, 0;havoc setup_#t~nondet115#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {39513#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} is VALID [2022-02-20 18:05:00,141 INFO L290 TraceCheckUtils]: 93: Hoare triple {39513#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 3)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {39514#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} is VALID [2022-02-20 18:05:00,141 INFO L272 TraceCheckUtils]: 94: Hoare triple {39514#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,142 INFO L290 TraceCheckUtils]: 95: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {39567#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} is VALID [2022-02-20 18:05:00,142 INFO L272 TraceCheckUtils]: 96: Hoare triple {39567#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} call setClientId(~chuck___0, ~chuck___0); {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:00,142 INFO L290 TraceCheckUtils]: 97: Hoare triple {39556#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {39573#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:05:00,143 INFO L290 TraceCheckUtils]: 98: Hoare triple {39573#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {39574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:00,143 INFO L290 TraceCheckUtils]: 99: Hoare triple {39574#(= |setClientId_#in~handle| 1)} assume true; {39574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:05:00,144 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {39574#(= |setClientId_#in~handle| 1)} {39567#(= setup_chuck__before__Keys_~chuck___0 |setup_chuck__before__Keys_#in~chuck___0|)} #1625#return; {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:05:00,144 INFO L290 TraceCheckUtils]: 101: Hoare triple {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} assume true; {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} is VALID [2022-02-20 18:05:00,144 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {39572#(= |setup_chuck__before__Keys_#in~chuck___0| 1)} {39514#(= 3 |ULTIMATE.start_setup_chuck__role__Keys_~chuck___0#1|)} #1761#return; {39462#false} is VALID [2022-02-20 18:05:00,144 INFO L272 TraceCheckUtils]: 103: Hoare triple {39462#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:05:00,144 INFO L290 TraceCheckUtils]: 104: Hoare triple {39561#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,145 INFO L290 TraceCheckUtils]: 105: Hoare triple {39461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,145 INFO L290 TraceCheckUtils]: 106: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,145 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {39461#true} {39462#false} #1763#return; {39462#false} is VALID [2022-02-20 18:05:00,145 INFO L290 TraceCheckUtils]: 108: Hoare triple {39462#false} assume { :end_inline_setup_chuck__role__Keys } true; {39462#false} is VALID [2022-02-20 18:05:00,145 INFO L290 TraceCheckUtils]: 109: Hoare triple {39462#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~5#1.base, setup_~__cil_tmp3~5#1.offset := 41, 0;havoc setup_#t~nondet116#1; {39462#false} is VALID [2022-02-20 18:05:00,145 INFO L290 TraceCheckUtils]: 110: Hoare triple {39462#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_#t~nondet20#1, test_#t~nondet21#1, test_#t~nondet22#1, test_#t~nondet23#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {39462#false} is VALID [2022-02-20 18:05:00,145 INFO L290 TraceCheckUtils]: 111: Hoare triple {39462#false} assume !false; {39462#false} is VALID [2022-02-20 18:05:00,145 INFO L290 TraceCheckUtils]: 112: Hoare triple {39462#false} assume test_~splverifierCounter~0#1 < 4; {39462#false} is VALID [2022-02-20 18:05:00,145 INFO L290 TraceCheckUtils]: 113: Hoare triple {39462#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 114: Hoare triple {39462#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 115: Hoare triple {39462#false} assume !(0 != test_~tmp___9~0#1); {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 116: Hoare triple {39462#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 117: Hoare triple {39462#false} assume 0 != test_~tmp___8~0#1; {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 118: Hoare triple {39462#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 119: Hoare triple {39462#false} test_~op2~0#1 := 1; {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 120: Hoare triple {39462#false} assume !false; {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 121: Hoare triple {39462#false} assume !(test_~splverifierCounter~0#1 < 4); {39462#false} is VALID [2022-02-20 18:05:00,146 INFO L290 TraceCheckUtils]: 122: Hoare triple {39462#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret109#1, bobToRjh_#t~ret110#1, bobToRjh_#t~ret111#1, bobToRjh_#t~ret112#1, bobToRjh_~tmp~25#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~25#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret109#1 := puts(37, 0);assume -2147483648 <= bobToRjh_#t~ret109#1 && bobToRjh_#t~ret109#1 <= 2147483647;havoc bobToRjh_#t~ret109#1; {39462#false} is VALID [2022-02-20 18:05:00,147 INFO L272 TraceCheckUtils]: 123: Hoare triple {39462#false} call sendEmail(~bob~0, ~rjh~0); {39462#false} is VALID [2022-02-20 18:05:00,147 INFO L290 TraceCheckUtils]: 124: Hoare triple {39462#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {39462#false} is VALID [2022-02-20 18:05:00,147 INFO L272 TraceCheckUtils]: 125: Hoare triple {39462#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {39575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:00,147 INFO L290 TraceCheckUtils]: 126: Hoare triple {39575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,147 INFO L290 TraceCheckUtils]: 127: Hoare triple {39461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,147 INFO L290 TraceCheckUtils]: 128: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,147 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {39461#true} {39462#false} #1647#return; {39462#false} is VALID [2022-02-20 18:05:00,147 INFO L272 TraceCheckUtils]: 130: Hoare triple {39462#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {39576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:00,147 INFO L290 TraceCheckUtils]: 131: Hoare triple {39576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,148 INFO L290 TraceCheckUtils]: 132: Hoare triple {39461#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,148 INFO L290 TraceCheckUtils]: 133: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,148 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {39461#true} {39462#false} #1649#return; {39462#false} is VALID [2022-02-20 18:05:00,148 INFO L290 TraceCheckUtils]: 135: Hoare triple {39462#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {39462#false} is VALID [2022-02-20 18:05:00,148 INFO L290 TraceCheckUtils]: 136: Hoare triple {39462#false} #t~ret97#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret97#1 && #t~ret97#1 <= 2147483647;~tmp~21#1 := #t~ret97#1;havoc #t~ret97#1;~email~0#1 := ~tmp~21#1; {39462#false} is VALID [2022-02-20 18:05:00,148 INFO L272 TraceCheckUtils]: 137: Hoare triple {39462#false} call outgoing(~sender#1, ~email~0#1); {39462#false} is VALID [2022-02-20 18:05:00,148 INFO L290 TraceCheckUtils]: 138: Hoare triple {39462#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39462#false} is VALID [2022-02-20 18:05:00,148 INFO L290 TraceCheckUtils]: 139: Hoare triple {39462#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {39462#false} is VALID [2022-02-20 18:05:00,148 INFO L272 TraceCheckUtils]: 140: Hoare triple {39462#false} call outgoing__before__Sign(~client#1, ~msg#1); {39462#false} is VALID [2022-02-20 18:05:00,149 INFO L290 TraceCheckUtils]: 141: Hoare triple {39462#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39462#false} is VALID [2022-02-20 18:05:00,149 INFO L290 TraceCheckUtils]: 142: Hoare triple {39462#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret83#1, outgoing__role__AddressBook_#t~ret84#1, outgoing__role__AddressBook_#t~ret85#1, outgoing__role__AddressBook_#t~ret86#1, outgoing__role__AddressBook_#t~ret87#1, outgoing__role__AddressBook_#t~ret88#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~2#1, outgoing__role__AddressBook_~tmp~16#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~5#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~2#1, outgoing__role__AddressBook_~tmp___2~2#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~2#1;havoc outgoing__role__AddressBook_~tmp~16#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~5#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~2#1;havoc outgoing__role__AddressBook_~tmp___2~2#1; {39462#false} is VALID [2022-02-20 18:05:00,149 INFO L272 TraceCheckUtils]: 143: Hoare triple {39462#false} call outgoing__role__AddressBook_#t~ret83#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {39461#true} is VALID [2022-02-20 18:05:00,149 INFO L290 TraceCheckUtils]: 144: Hoare triple {39461#true} ~handle := #in~handle;havoc ~retValue_acc~9; {39461#true} is VALID [2022-02-20 18:05:00,149 INFO L290 TraceCheckUtils]: 145: Hoare triple {39461#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~9; {39461#true} is VALID [2022-02-20 18:05:00,149 INFO L290 TraceCheckUtils]: 146: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,149 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {39461#true} {39462#false} #1627#return; {39462#false} is VALID [2022-02-20 18:05:00,149 INFO L290 TraceCheckUtils]: 148: Hoare triple {39462#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret83#1 && outgoing__role__AddressBook_#t~ret83#1 <= 2147483647;outgoing__role__AddressBook_~tmp~16#1 := outgoing__role__AddressBook_#t~ret83#1;havoc outgoing__role__AddressBook_#t~ret83#1;outgoing__role__AddressBook_~size~2#1 := outgoing__role__AddressBook_~tmp~16#1; {39462#false} is VALID [2022-02-20 18:05:00,149 INFO L290 TraceCheckUtils]: 149: Hoare triple {39462#false} assume !(0 != outgoing__role__AddressBook_~size~2#1); {39462#false} is VALID [2022-02-20 18:05:00,150 INFO L272 TraceCheckUtils]: 150: Hoare triple {39462#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {39462#false} is VALID [2022-02-20 18:05:00,150 INFO L290 TraceCheckUtils]: 151: Hoare triple {39462#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {39462#false} is VALID [2022-02-20 18:05:00,150 INFO L290 TraceCheckUtils]: 152: Hoare triple {39462#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret81#1, outgoing__role__Encrypt_#t~ret82#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~15#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~4#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~15#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~4#1; {39462#false} is VALID [2022-02-20 18:05:00,150 INFO L272 TraceCheckUtils]: 153: Hoare triple {39462#false} call outgoing__role__Encrypt_#t~ret81#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {39461#true} is VALID [2022-02-20 18:05:00,150 INFO L290 TraceCheckUtils]: 154: Hoare triple {39461#true} ~handle := #in~handle;havoc ~retValue_acc~26; {39461#true} is VALID [2022-02-20 18:05:00,150 INFO L290 TraceCheckUtils]: 155: Hoare triple {39461#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {39461#true} is VALID [2022-02-20 18:05:00,150 INFO L290 TraceCheckUtils]: 156: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,150 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {39461#true} {39462#false} #1613#return; {39462#false} is VALID [2022-02-20 18:05:00,150 INFO L290 TraceCheckUtils]: 158: Hoare triple {39462#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret81#1 && outgoing__role__Encrypt_#t~ret81#1 <= 2147483647;outgoing__role__Encrypt_~tmp~15#1 := outgoing__role__Encrypt_#t~ret81#1;havoc outgoing__role__Encrypt_#t~ret81#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~15#1; {39462#false} is VALID [2022-02-20 18:05:00,151 INFO L272 TraceCheckUtils]: 159: Hoare triple {39462#false} call outgoing__role__Encrypt_#t~ret82#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {39461#true} is VALID [2022-02-20 18:05:00,151 INFO L290 TraceCheckUtils]: 160: Hoare triple {39461#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~20; {39461#true} is VALID [2022-02-20 18:05:00,151 INFO L290 TraceCheckUtils]: 161: Hoare triple {39461#true} assume 1 == ~handle; {39461#true} is VALID [2022-02-20 18:05:00,151 INFO L290 TraceCheckUtils]: 162: Hoare triple {39461#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~20 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~20; {39461#true} is VALID [2022-02-20 18:05:00,151 INFO L290 TraceCheckUtils]: 163: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,151 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {39461#true} {39462#false} #1615#return; {39462#false} is VALID [2022-02-20 18:05:00,151 INFO L290 TraceCheckUtils]: 165: Hoare triple {39462#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret82#1 && outgoing__role__Encrypt_#t~ret82#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~4#1 := outgoing__role__Encrypt_#t~ret82#1;havoc outgoing__role__Encrypt_#t~ret82#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~4#1; {39462#false} is VALID [2022-02-20 18:05:00,151 INFO L290 TraceCheckUtils]: 166: Hoare triple {39462#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {39462#false} is VALID [2022-02-20 18:05:00,152 INFO L272 TraceCheckUtils]: 167: Hoare triple {39462#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {39462#false} is VALID [2022-02-20 18:05:00,152 INFO L290 TraceCheckUtils]: 168: Hoare triple {39462#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~22#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~22#1; {39462#false} is VALID [2022-02-20 18:05:00,152 INFO L290 TraceCheckUtils]: 169: Hoare triple {39462#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~22#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~22#1; {39462#false} is VALID [2022-02-20 18:05:00,152 INFO L290 TraceCheckUtils]: 170: Hoare triple {39462#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {39462#false} is VALID [2022-02-20 18:05:00,152 INFO L272 TraceCheckUtils]: 171: Hoare triple {39462#false} call setEmailFrom(~msg#1, ~tmp~14#1); {39575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:00,152 INFO L290 TraceCheckUtils]: 172: Hoare triple {39575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {39461#true} is VALID [2022-02-20 18:05:00,152 INFO L290 TraceCheckUtils]: 173: Hoare triple {39461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {39461#true} is VALID [2022-02-20 18:05:00,152 INFO L290 TraceCheckUtils]: 174: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,152 INFO L284 TraceCheckUtils]: 175: Hoare quadruple {39461#true} {39462#false} #1659#return; {39462#false} is VALID [2022-02-20 18:05:00,153 INFO L290 TraceCheckUtils]: 176: Hoare triple {39462#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 := puts(19, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret53#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~3#1.offset := 20, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet54#1; {39462#false} is VALID [2022-02-20 18:05:00,153 INFO L290 TraceCheckUtils]: 177: Hoare triple {39462#false} assume 0 != ~in_encrypted~0; {39462#false} is VALID [2022-02-20 18:05:00,153 INFO L272 TraceCheckUtils]: 178: Hoare triple {39462#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {39461#true} is VALID [2022-02-20 18:05:00,153 INFO L290 TraceCheckUtils]: 179: Hoare triple {39461#true} ~handle := #in~handle;havoc ~retValue_acc~29; {39461#true} is VALID [2022-02-20 18:05:00,153 INFO L290 TraceCheckUtils]: 180: Hoare triple {39461#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {39461#true} is VALID [2022-02-20 18:05:00,153 INFO L290 TraceCheckUtils]: 181: Hoare triple {39461#true} assume true; {39461#true} is VALID [2022-02-20 18:05:00,153 INFO L284 TraceCheckUtils]: 182: Hoare quadruple {39461#true} {39462#false} #1661#return; {39462#false} is VALID [2022-02-20 18:05:00,153 INFO L290 TraceCheckUtils]: 183: Hoare triple {39462#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret55#1; {39462#false} is VALID [2022-02-20 18:05:00,153 INFO L290 TraceCheckUtils]: 184: Hoare triple {39462#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {39462#false} is VALID [2022-02-20 18:05:00,154 INFO L290 TraceCheckUtils]: 185: Hoare triple {39462#false} assume !false; {39462#false} is VALID [2022-02-20 18:05:00,154 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 18:05:00,154 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:00,154 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [238310434] [2022-02-20 18:05:00,154 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [238310434] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:00,154 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:00,155 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:05:00,155 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1581367552] [2022-02-20 18:05:00,155 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:00,155 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 10 states have (on average 10.8) internal successors, (108), 8 states have internal predecessors, (108), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 186 [2022-02-20 18:05:00,156 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:00,156 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 10 states have (on average 10.8) internal successors, (108), 8 states have internal predecessors, (108), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) [2022-02-20 18:05:00,240 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 161 edges. 161 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:00,240 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:05:00,240 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:00,241 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:05:00,241 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:05:00,241 INFO L87 Difference]: Start difference. First operand 688 states and 1007 transitions. Second operand has 12 states, 10 states have (on average 10.8) internal successors, (108), 8 states have internal predecessors, (108), 4 states have call successors, (29), 6 states have call predecessors, (29), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24)