./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec9_productSimulator.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec9_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash a46e94d21677d8e787ff51041171bb0d6a97c638f1cb1f2181c1b14c15718344 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:05:20,146 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:05:20,148 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:05:20,188 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:05:20,189 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:05:20,191 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:05:20,193 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:05:20,195 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:05:20,197 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:05:20,201 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:05:20,201 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:05:20,202 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:05:20,203 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:05:20,205 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:05:20,206 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:05:20,208 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:05:20,209 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:05:20,210 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:05:20,212 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:05:20,217 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:05:20,218 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:05:20,219 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:05:20,220 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:05:20,221 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:05:20,227 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:05:20,228 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:05:20,228 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:05:20,229 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:05:20,230 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:05:20,231 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:05:20,231 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:05:20,232 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:05:20,233 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:05:20,234 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:05:20,235 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:05:20,236 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:05:20,236 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:05:20,236 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:05:20,236 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:05:20,237 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:05:20,238 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:05:20,238 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:05:20,269 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:05:20,269 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:05:20,270 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:05:20,270 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:05:20,271 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:05:20,271 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:05:20,272 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:05:20,272 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:05:20,272 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:05:20,272 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:05:20,273 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:05:20,273 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:05:20,274 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:05:20,274 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:05:20,274 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:05:20,274 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:05:20,274 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:05:20,274 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:05:20,275 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:05:20,275 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:05:20,275 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:05:20,275 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:05:20,275 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:05:20,275 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:05:20,276 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:20,276 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:05:20,276 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:05:20,277 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:05:20,277 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:05:20,278 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:05:20,278 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:05:20,278 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:05:20,278 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:05:20,278 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> a46e94d21677d8e787ff51041171bb0d6a97c638f1cb1f2181c1b14c15718344 [2022-02-20 18:05:20,474 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:05:20,497 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:05:20,500 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:05:20,501 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:05:20,501 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:05:20,502 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec9_productSimulator.cil.c [2022-02-20 18:05:20,561 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c8a5037e5/4ae92135b0c7493d860eedc84a590deb/FLAGa9df16b90 [2022-02-20 18:05:21,098 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:05:21,098 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_productSimulator.cil.c [2022-02-20 18:05:21,116 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c8a5037e5/4ae92135b0c7493d860eedc84a590deb/FLAGa9df16b90 [2022-02-20 18:05:21,540 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c8a5037e5/4ae92135b0c7493d860eedc84a590deb [2022-02-20 18:05:21,542 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:05:21,543 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:05:21,545 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:21,545 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:05:21,553 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:05:21,554 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:21" (1/1) ... [2022-02-20 18:05:21,555 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@7e547b02 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:21, skipping insertion in model container [2022-02-20 18:05:21,556 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:21" (1/1) ... [2022-02-20 18:05:21,561 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:05:21,655 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:05:22,111 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_productSimulator.cil.c[31629,31642] [2022-02-20 18:05:22,243 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:22,252 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:05:22,299 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec9_productSimulator.cil.c[31629,31642] [2022-02-20 18:05:22,341 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:22,393 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:05:22,394 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22 WrapperNode [2022-02-20 18:05:22,394 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:22,396 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:22,396 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:05:22,396 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:05:22,402 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,440 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,524 INFO L137 Inliner]: procedures = 152, calls = 288, calls flagged for inlining = 68, calls inlined = 65, statements flattened = 1326 [2022-02-20 18:05:22,526 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:22,527 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:05:22,527 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:05:22,527 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:05:22,540 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,541 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,563 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,564 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,607 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,617 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,639 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,648 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:05:22,649 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:05:22,649 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:05:22,649 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:05:22,664 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (1/1) ... [2022-02-20 18:05:22,672 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:22,682 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:22,718 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:05:22,724 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:05:22,760 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:05:22,760 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:05:22,760 INFO L130 BoogieDeclarations]: Found specification of procedure setup_chuck__before__Keys [2022-02-20 18:05:22,760 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_chuck__before__Keys [2022-02-20 18:05:22,761 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Sign [2022-02-20 18:05:22,761 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Sign [2022-02-20 18:05:22,761 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:05:22,761 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:05:22,761 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:05:22,762 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:05:22,762 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:05:22,762 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:05:22,762 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:05:22,762 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:05:22,762 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Verify [2022-02-20 18:05:22,763 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Verify [2022-02-20 18:05:22,763 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:05:22,763 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:05:22,763 INFO L130 BoogieDeclarations]: Found specification of procedure setup_bob__before__Keys [2022-02-20 18:05:22,763 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_bob__before__Keys [2022-02-20 18:05:22,763 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:05:22,764 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:05:22,764 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:05:22,764 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:05:22,764 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:05:22,764 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:05:22,764 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Decrypt [2022-02-20 18:05:22,765 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Decrypt [2022-02-20 18:05:22,765 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__Encrypt [2022-02-20 18:05:22,765 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__Encrypt [2022-02-20 18:05:22,765 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:05:22,765 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:05:22,765 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:05:22,766 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:05:22,766 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:05:22,766 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:05:22,766 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:05:22,766 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Forward [2022-02-20 18:05:22,766 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Forward [2022-02-20 18:05:22,767 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:05:22,767 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:05:22,767 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 18:05:22,767 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:05:22,767 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:05:22,767 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:05:22,768 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable__before__Encrypt [2022-02-20 18:05:22,768 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable__before__Encrypt [2022-02-20 18:05:22,768 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:05:22,768 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:05:22,768 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:05:22,769 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:05:22,769 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:05:22,769 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__before__AddressBook [2022-02-20 18:05:22,769 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__before__AddressBook [2022-02-20 18:05:22,769 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Encrypt [2022-02-20 18:05:22,769 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Encrypt [2022-02-20 18:05:22,770 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__AutoResponder [2022-02-20 18:05:22,770 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__AutoResponder [2022-02-20 18:05:22,770 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:05:22,770 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:05:22,770 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:05:22,770 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:05:22,771 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:05:22,771 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:05:22,771 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:05:22,771 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:05:22,771 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:05:22,772 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:05:22,772 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:05:22,772 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:05:22,772 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:05:22,772 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:05:22,772 INFO L130 BoogieDeclarations]: Found specification of procedure setup_rjh__before__Keys [2022-02-20 18:05:22,773 INFO L138 BoogieDeclarations]: Found implementation of procedure setup_rjh__before__Keys [2022-02-20 18:05:22,773 INFO L130 BoogieDeclarations]: Found specification of procedure incoming__before__Verify [2022-02-20 18:05:22,773 INFO L138 BoogieDeclarations]: Found implementation of procedure incoming__before__Verify [2022-02-20 18:05:22,773 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:05:22,773 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:05:22,773 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:05:22,774 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:05:22,774 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:05:22,780 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:05:22,780 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:05:22,780 INFO L130 BoogieDeclarations]: Found specification of procedure printMail__before__Sign [2022-02-20 18:05:22,780 INFO L138 BoogieDeclarations]: Found implementation of procedure printMail__before__Sign [2022-02-20 18:05:22,780 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2022-02-20 18:05:22,781 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2022-02-20 18:05:22,781 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:05:22,781 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:05:22,781 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:05:22,781 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:05:23,020 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:05:23,023 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:05:23,906 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:05:23,918 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:05:23,919 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:05:23,921 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:23 BoogieIcfgContainer [2022-02-20 18:05:23,921 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:05:23,923 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:05:23,923 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:05:23,926 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:05:23,926 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:05:21" (1/3) ... [2022-02-20 18:05:23,927 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3909f51c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:23, skipping insertion in model container [2022-02-20 18:05:23,927 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:22" (2/3) ... [2022-02-20 18:05:23,927 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3909f51c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:23, skipping insertion in model container [2022-02-20 18:05:23,927 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:23" (3/3) ... [2022-02-20 18:05:23,929 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec9_productSimulator.cil.c [2022-02-20 18:05:23,933 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:05:23,934 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:05:23,974 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:05:23,983 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:05:23,984 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:05:24,031 INFO L276 IsEmpty]: Start isEmpty. Operand has 604 states, 449 states have (on average 1.5144766146993318) internal successors, (680), 469 states have internal predecessors, (680), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) [2022-02-20 18:05:24,047 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 128 [2022-02-20 18:05:24,048 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:24,049 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:24,049 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:24,053 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:24,054 INFO L85 PathProgramCache]: Analyzing trace with hash -1310995889, now seen corresponding path program 1 times [2022-02-20 18:05:24,061 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:24,062 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1563930568] [2022-02-20 18:05:24,062 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:24,063 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:24,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,477 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:05:24,484 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,501 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1733#return; {607#true} is VALID [2022-02-20 18:05:24,502 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:05:24,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,511 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,511 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,512 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1735#return; {607#true} is VALID [2022-02-20 18:05:24,512 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:05:24,518 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,524 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,524 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1737#return; {607#true} is VALID [2022-02-20 18:05:24,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:24,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,533 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,533 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,534 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1739#return; {607#true} is VALID [2022-02-20 18:05:24,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:05:24,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,549 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,550 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,551 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1741#return; {607#true} is VALID [2022-02-20 18:05:24,551 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:05:24,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,561 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,561 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1743#return; {607#true} is VALID [2022-02-20 18:05:24,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:05:24,565 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,574 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1745#return; {607#true} is VALID [2022-02-20 18:05:24,575 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:05:24,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,584 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,584 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,584 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {607#true} {607#true} #1747#return; {607#true} is VALID [2022-02-20 18:05:24,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:05:24,596 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:24,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,605 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,605 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {607#true} #1731#return; {607#true} is VALID [2022-02-20 18:05:24,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {607#true} is VALID [2022-02-20 18:05:24,607 INFO L272 TraceCheckUtils]: 1: Hoare triple {607#true} call setClientId(~bob___0, ~bob___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,608 INFO L290 TraceCheckUtils]: 3: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,608 INFO L290 TraceCheckUtils]: 4: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,608 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {607#true} {607#true} #1731#return; {607#true} is VALID [2022-02-20 18:05:24,608 INFO L290 TraceCheckUtils]: 6: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,608 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {607#true} {607#true} #1753#return; {607#true} is VALID [2022-02-20 18:05:24,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:05:24,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:24,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,653 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,653 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,654 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {607#true} #1683#return; {607#true} is VALID [2022-02-20 18:05:24,654 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {607#true} is VALID [2022-02-20 18:05:24,656 INFO L272 TraceCheckUtils]: 1: Hoare triple {607#true} call setClientId(~rjh___0, ~rjh___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,656 INFO L290 TraceCheckUtils]: 3: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,657 INFO L290 TraceCheckUtils]: 4: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,657 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {607#true} {607#true} #1683#return; {607#true} is VALID [2022-02-20 18:05:24,657 INFO L290 TraceCheckUtils]: 6: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,657 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {607#true} {607#true} #1759#return; {607#true} is VALID [2022-02-20 18:05:24,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:05:24,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,663 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:24,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {607#true} #1625#return; {607#true} is VALID [2022-02-20 18:05:24,668 INFO L290 TraceCheckUtils]: 0: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {607#true} is VALID [2022-02-20 18:05:24,669 INFO L272 TraceCheckUtils]: 1: Hoare triple {607#true} call setClientId(~chuck___0, ~chuck___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,669 INFO L290 TraceCheckUtils]: 2: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,669 INFO L290 TraceCheckUtils]: 3: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,670 INFO L290 TraceCheckUtils]: 4: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,670 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {607#true} {607#true} #1625#return; {607#true} is VALID [2022-02-20 18:05:24,670 INFO L290 TraceCheckUtils]: 6: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,670 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {607#true} {607#true} #1765#return; {607#true} is VALID [2022-02-20 18:05:24,675 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:05:24,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,680 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,680 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,680 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {608#false} #1647#return; {608#false} is VALID [2022-02-20 18:05:24,686 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:05:24,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {687#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,691 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,691 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {608#false} #1649#return; {608#false} is VALID [2022-02-20 18:05:24,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:05:24,692 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,696 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {608#false} #1659#return; {608#false} is VALID [2022-02-20 18:05:24,696 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:05:24,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:24,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} ~handle := #in~handle;havoc ~retValue_acc~6; {607#true} is VALID [2022-02-20 18:05:24,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {607#true} is VALID [2022-02-20 18:05:24,700 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,700 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {607#true} {608#false} #1661#return; {608#false} is VALID [2022-02-20 18:05:24,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {607#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {607#true} is VALID [2022-02-20 18:05:24,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {607#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {607#true} is VALID [2022-02-20 18:05:24,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {607#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {607#true} is VALID [2022-02-20 18:05:24,702 INFO L272 TraceCheckUtils]: 3: Hoare triple {607#true} call select_features_#t~ret96#1 := select_one(); {607#true} is VALID [2022-02-20 18:05:24,702 INFO L290 TraceCheckUtils]: 4: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,702 INFO L290 TraceCheckUtils]: 5: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,702 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {607#true} {607#true} #1733#return; {607#true} is VALID [2022-02-20 18:05:24,703 INFO L290 TraceCheckUtils]: 7: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {607#true} is VALID [2022-02-20 18:05:24,703 INFO L272 TraceCheckUtils]: 8: Hoare triple {607#true} call select_features_#t~ret97#1 := select_one(); {607#true} is VALID [2022-02-20 18:05:24,703 INFO L290 TraceCheckUtils]: 9: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,703 INFO L290 TraceCheckUtils]: 10: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,703 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {607#true} {607#true} #1735#return; {607#true} is VALID [2022-02-20 18:05:24,704 INFO L290 TraceCheckUtils]: 12: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {607#true} is VALID [2022-02-20 18:05:24,704 INFO L272 TraceCheckUtils]: 13: Hoare triple {607#true} call select_features_#t~ret98#1 := select_one(); {607#true} is VALID [2022-02-20 18:05:24,704 INFO L290 TraceCheckUtils]: 14: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,704 INFO L290 TraceCheckUtils]: 15: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,704 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {607#true} {607#true} #1737#return; {607#true} is VALID [2022-02-20 18:05:24,705 INFO L290 TraceCheckUtils]: 17: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {607#true} is VALID [2022-02-20 18:05:24,705 INFO L272 TraceCheckUtils]: 18: Hoare triple {607#true} call select_features_#t~ret99#1 := select_one(); {607#true} is VALID [2022-02-20 18:05:24,705 INFO L290 TraceCheckUtils]: 19: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,705 INFO L290 TraceCheckUtils]: 20: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,705 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {607#true} {607#true} #1739#return; {607#true} is VALID [2022-02-20 18:05:24,706 INFO L290 TraceCheckUtils]: 22: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {607#true} is VALID [2022-02-20 18:05:24,706 INFO L272 TraceCheckUtils]: 23: Hoare triple {607#true} call select_features_#t~ret100#1 := select_one(); {607#true} is VALID [2022-02-20 18:05:24,706 INFO L290 TraceCheckUtils]: 24: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,706 INFO L290 TraceCheckUtils]: 25: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,706 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {607#true} {607#true} #1741#return; {607#true} is VALID [2022-02-20 18:05:24,707 INFO L290 TraceCheckUtils]: 27: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {607#true} is VALID [2022-02-20 18:05:24,707 INFO L272 TraceCheckUtils]: 28: Hoare triple {607#true} call select_features_#t~ret101#1 := select_one(); {607#true} is VALID [2022-02-20 18:05:24,707 INFO L290 TraceCheckUtils]: 29: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,707 INFO L290 TraceCheckUtils]: 30: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,707 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {607#true} {607#true} #1743#return; {607#true} is VALID [2022-02-20 18:05:24,708 INFO L290 TraceCheckUtils]: 32: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {607#true} is VALID [2022-02-20 18:05:24,708 INFO L272 TraceCheckUtils]: 33: Hoare triple {607#true} call select_features_#t~ret102#1 := select_one(); {607#true} is VALID [2022-02-20 18:05:24,708 INFO L290 TraceCheckUtils]: 34: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,708 INFO L290 TraceCheckUtils]: 35: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,709 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {607#true} {607#true} #1745#return; {607#true} is VALID [2022-02-20 18:05:24,709 INFO L290 TraceCheckUtils]: 37: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {607#true} is VALID [2022-02-20 18:05:24,709 INFO L272 TraceCheckUtils]: 38: Hoare triple {607#true} call select_features_#t~ret103#1 := select_one(); {607#true} is VALID [2022-02-20 18:05:24,709 INFO L290 TraceCheckUtils]: 39: Hoare triple {607#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {607#true} is VALID [2022-02-20 18:05:24,709 INFO L290 TraceCheckUtils]: 40: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,710 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {607#true} {607#true} #1747#return; {607#true} is VALID [2022-02-20 18:05:24,710 INFO L290 TraceCheckUtils]: 42: Hoare triple {607#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {607#true} is VALID [2022-02-20 18:05:24,710 INFO L290 TraceCheckUtils]: 43: Hoare triple {607#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {607#true} is VALID [2022-02-20 18:05:24,710 INFO L290 TraceCheckUtils]: 44: Hoare triple {607#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {607#true} is VALID [2022-02-20 18:05:24,711 INFO L290 TraceCheckUtils]: 45: Hoare triple {607#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~20#1 := 0; {607#true} is VALID [2022-02-20 18:05:24,711 INFO L290 TraceCheckUtils]: 46: Hoare triple {607#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {607#true} is VALID [2022-02-20 18:05:24,711 INFO L290 TraceCheckUtils]: 47: Hoare triple {607#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {607#true} is VALID [2022-02-20 18:05:24,711 INFO L290 TraceCheckUtils]: 48: Hoare triple {607#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {607#true} is VALID [2022-02-20 18:05:24,711 INFO L290 TraceCheckUtils]: 49: Hoare triple {607#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {607#true} is VALID [2022-02-20 18:05:24,713 INFO L272 TraceCheckUtils]: 50: Hoare triple {607#true} call setup_bob__before__Keys(setup_bob_~bob___0#1); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,713 INFO L290 TraceCheckUtils]: 51: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {607#true} is VALID [2022-02-20 18:05:24,714 INFO L272 TraceCheckUtils]: 52: Hoare triple {607#true} call setClientId(~bob___0, ~bob___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,714 INFO L290 TraceCheckUtils]: 53: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,714 INFO L290 TraceCheckUtils]: 54: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,714 INFO L290 TraceCheckUtils]: 55: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,714 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {607#true} {607#true} #1731#return; {607#true} is VALID [2022-02-20 18:05:24,715 INFO L290 TraceCheckUtils]: 57: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,715 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {607#true} {607#true} #1753#return; {607#true} is VALID [2022-02-20 18:05:24,715 INFO L290 TraceCheckUtils]: 59: Hoare triple {607#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {607#true} is VALID [2022-02-20 18:05:24,715 INFO L290 TraceCheckUtils]: 60: Hoare triple {607#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {607#true} is VALID [2022-02-20 18:05:24,716 INFO L272 TraceCheckUtils]: 61: Hoare triple {607#true} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,716 INFO L290 TraceCheckUtils]: 62: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {607#true} is VALID [2022-02-20 18:05:24,717 INFO L272 TraceCheckUtils]: 63: Hoare triple {607#true} call setClientId(~rjh___0, ~rjh___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,717 INFO L290 TraceCheckUtils]: 64: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,718 INFO L290 TraceCheckUtils]: 65: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,718 INFO L290 TraceCheckUtils]: 66: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,718 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {607#true} {607#true} #1683#return; {607#true} is VALID [2022-02-20 18:05:24,718 INFO L290 TraceCheckUtils]: 68: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,719 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {607#true} {607#true} #1759#return; {607#true} is VALID [2022-02-20 18:05:24,719 INFO L290 TraceCheckUtils]: 70: Hoare triple {607#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {607#true} is VALID [2022-02-20 18:05:24,719 INFO L290 TraceCheckUtils]: 71: Hoare triple {607#true} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {607#true} is VALID [2022-02-20 18:05:24,720 INFO L272 TraceCheckUtils]: 72: Hoare triple {607#true} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,720 INFO L290 TraceCheckUtils]: 73: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {607#true} is VALID [2022-02-20 18:05:24,721 INFO L272 TraceCheckUtils]: 74: Hoare triple {607#true} call setClientId(~chuck___0, ~chuck___0); {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:24,721 INFO L290 TraceCheckUtils]: 75: Hoare triple {673#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,721 INFO L290 TraceCheckUtils]: 76: Hoare triple {607#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,722 INFO L290 TraceCheckUtils]: 77: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,722 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {607#true} {607#true} #1625#return; {607#true} is VALID [2022-02-20 18:05:24,722 INFO L290 TraceCheckUtils]: 79: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,722 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {607#true} {607#true} #1765#return; {607#true} is VALID [2022-02-20 18:05:24,722 INFO L290 TraceCheckUtils]: 81: Hoare triple {607#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {607#true} is VALID [2022-02-20 18:05:24,723 INFO L290 TraceCheckUtils]: 82: Hoare triple {607#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {607#true} is VALID [2022-02-20 18:05:24,723 INFO L290 TraceCheckUtils]: 83: Hoare triple {607#true} assume !true; {608#false} is VALID [2022-02-20 18:05:24,724 INFO L290 TraceCheckUtils]: 84: Hoare triple {608#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {608#false} is VALID [2022-02-20 18:05:24,724 INFO L272 TraceCheckUtils]: 85: Hoare triple {608#false} call sendEmail(~bob~0, ~rjh~0); {608#false} is VALID [2022-02-20 18:05:24,724 INFO L290 TraceCheckUtils]: 86: Hoare triple {608#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {608#false} is VALID [2022-02-20 18:05:24,724 INFO L272 TraceCheckUtils]: 87: Hoare triple {608#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:24,724 INFO L290 TraceCheckUtils]: 88: Hoare triple {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,725 INFO L290 TraceCheckUtils]: 89: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,725 INFO L290 TraceCheckUtils]: 90: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,725 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {607#true} {608#false} #1647#return; {608#false} is VALID [2022-02-20 18:05:24,725 INFO L272 TraceCheckUtils]: 92: Hoare triple {608#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {687#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:24,725 INFO L290 TraceCheckUtils]: 93: Hoare triple {687#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,725 INFO L290 TraceCheckUtils]: 94: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,726 INFO L290 TraceCheckUtils]: 95: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,726 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {607#true} {608#false} #1649#return; {608#false} is VALID [2022-02-20 18:05:24,726 INFO L290 TraceCheckUtils]: 97: Hoare triple {608#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {608#false} is VALID [2022-02-20 18:05:24,726 INFO L290 TraceCheckUtils]: 98: Hoare triple {608#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {608#false} is VALID [2022-02-20 18:05:24,726 INFO L272 TraceCheckUtils]: 99: Hoare triple {608#false} call outgoing(~sender#1, ~email~0#1); {608#false} is VALID [2022-02-20 18:05:24,727 INFO L290 TraceCheckUtils]: 100: Hoare triple {608#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {608#false} is VALID [2022-02-20 18:05:24,727 INFO L290 TraceCheckUtils]: 101: Hoare triple {608#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {608#false} is VALID [2022-02-20 18:05:24,727 INFO L272 TraceCheckUtils]: 102: Hoare triple {608#false} call outgoing__before__Sign(~client#1, ~msg#1); {608#false} is VALID [2022-02-20 18:05:24,727 INFO L290 TraceCheckUtils]: 103: Hoare triple {608#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {608#false} is VALID [2022-02-20 18:05:24,727 INFO L290 TraceCheckUtils]: 104: Hoare triple {608#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {608#false} is VALID [2022-02-20 18:05:24,728 INFO L272 TraceCheckUtils]: 105: Hoare triple {608#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {608#false} is VALID [2022-02-20 18:05:24,728 INFO L290 TraceCheckUtils]: 106: Hoare triple {608#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {608#false} is VALID [2022-02-20 18:05:24,728 INFO L290 TraceCheckUtils]: 107: Hoare triple {608#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {608#false} is VALID [2022-02-20 18:05:24,728 INFO L272 TraceCheckUtils]: 108: Hoare triple {608#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {608#false} is VALID [2022-02-20 18:05:24,728 INFO L290 TraceCheckUtils]: 109: Hoare triple {608#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {608#false} is VALID [2022-02-20 18:05:24,729 INFO L290 TraceCheckUtils]: 110: Hoare triple {608#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {608#false} is VALID [2022-02-20 18:05:24,729 INFO L290 TraceCheckUtils]: 111: Hoare triple {608#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {608#false} is VALID [2022-02-20 18:05:24,729 INFO L272 TraceCheckUtils]: 112: Hoare triple {608#false} call setEmailFrom(~msg#1, ~tmp~2#1); {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:24,729 INFO L290 TraceCheckUtils]: 113: Hoare triple {686#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {607#true} is VALID [2022-02-20 18:05:24,729 INFO L290 TraceCheckUtils]: 114: Hoare triple {607#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {607#true} is VALID [2022-02-20 18:05:24,730 INFO L290 TraceCheckUtils]: 115: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,730 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {607#true} {608#false} #1659#return; {608#false} is VALID [2022-02-20 18:05:24,730 INFO L290 TraceCheckUtils]: 117: Hoare triple {608#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {608#false} is VALID [2022-02-20 18:05:24,730 INFO L290 TraceCheckUtils]: 118: Hoare triple {608#false} assume 0 != ~in_encrypted~0; {608#false} is VALID [2022-02-20 18:05:24,730 INFO L272 TraceCheckUtils]: 119: Hoare triple {608#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {607#true} is VALID [2022-02-20 18:05:24,731 INFO L290 TraceCheckUtils]: 120: Hoare triple {607#true} ~handle := #in~handle;havoc ~retValue_acc~6; {607#true} is VALID [2022-02-20 18:05:24,731 INFO L290 TraceCheckUtils]: 121: Hoare triple {607#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {607#true} is VALID [2022-02-20 18:05:24,731 INFO L290 TraceCheckUtils]: 122: Hoare triple {607#true} assume true; {607#true} is VALID [2022-02-20 18:05:24,731 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {607#true} {608#false} #1661#return; {608#false} is VALID [2022-02-20 18:05:24,731 INFO L290 TraceCheckUtils]: 124: Hoare triple {608#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {608#false} is VALID [2022-02-20 18:05:24,732 INFO L290 TraceCheckUtils]: 125: Hoare triple {608#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {608#false} is VALID [2022-02-20 18:05:24,732 INFO L290 TraceCheckUtils]: 126: Hoare triple {608#false} assume !false; {608#false} is VALID [2022-02-20 18:05:24,733 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:05:24,733 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:24,733 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1563930568] [2022-02-20 18:05:24,734 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1563930568] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:24,734 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:24,734 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:05:24,736 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [666075989] [2022-02-20 18:05:24,737 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:24,741 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 127 [2022-02-20 18:05:24,743 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:24,746 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:24,834 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:24,834 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:05:24,835 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:24,851 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:05:24,852 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:05:24,857 INFO L87 Difference]: Start difference. First operand has 604 states, 449 states have (on average 1.5144766146993318) internal successors, (680), 469 states have internal predecessors, (680), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (110), 109 states have call predecessors, (110), 110 states have call successors, (110) Second operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:30,388 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:30,391 INFO L93 Difference]: Finished difference Result 1081 states and 1630 transitions. [2022-02-20 18:05:30,391 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:05:30,392 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 127 [2022-02-20 18:05:30,392 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:30,394 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:30,540 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1630 transitions. [2022-02-20 18:05:30,541 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:30,630 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 1630 transitions. [2022-02-20 18:05:30,631 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 1630 transitions. [2022-02-20 18:05:32,289 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1630 edges. 1630 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:32,383 INFO L225 Difference]: With dead ends: 1081 [2022-02-20 18:05:32,383 INFO L226 Difference]: Without dead ends: 739 [2022-02-20 18:05:32,393 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:05:32,398 INFO L933 BasicCegarLoop]: 921 mSDtfsCounter, 1360 mSDsluCounter, 714 mSDsCounter, 0 mSdLazyCounter, 523 mSolverCounterSat, 632 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1366 SdHoareTripleChecker+Valid, 1635 SdHoareTripleChecker+Invalid, 1155 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 632 IncrementalHoareTripleChecker+Valid, 523 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:32,400 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1366 Valid, 1635 Invalid, 1155 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [632 Valid, 523 Invalid, 0 Unknown, 0 Unchecked, 2.1s Time] [2022-02-20 18:05:32,418 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 739 states. [2022-02-20 18:05:32,502 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 739 to 597. [2022-02-20 18:05:32,503 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:32,507 INFO L82 GeneralOperation]: Start isEquivalent. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:05:32,511 INFO L74 IsIncluded]: Start isIncluded. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:05:32,514 INFO L87 Difference]: Start difference. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:05:32,562 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:32,562 INFO L93 Difference]: Finished difference Result 739 states and 1128 transitions. [2022-02-20 18:05:32,562 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1128 transitions. [2022-02-20 18:05:32,568 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:32,569 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:32,572 INFO L74 IsIncluded]: Start isIncluded. First operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 739 states. [2022-02-20 18:05:32,575 INFO L87 Difference]: Start difference. First operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 739 states. [2022-02-20 18:05:32,618 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:32,619 INFO L93 Difference]: Finished difference Result 739 states and 1128 transitions. [2022-02-20 18:05:32,619 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1128 transitions. [2022-02-20 18:05:32,623 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:32,624 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:32,624 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:32,624 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:32,626 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 597 states, 443 states have (on average 1.510158013544018) internal successors, (669), 462 states have internal predecessors, (669), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:05:32,667 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 597 states to 597 states and 888 transitions. [2022-02-20 18:05:32,669 INFO L78 Accepts]: Start accepts. Automaton has 597 states and 888 transitions. Word has length 127 [2022-02-20 18:05:32,671 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:32,671 INFO L470 AbstractCegarLoop]: Abstraction has 597 states and 888 transitions. [2022-02-20 18:05:32,672 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 12.6) internal successors, (63), 2 states have internal predecessors, (63), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:32,672 INFO L276 IsEmpty]: Start isEmpty. Operand 597 states and 888 transitions. [2022-02-20 18:05:32,675 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 129 [2022-02-20 18:05:32,675 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:32,676 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:32,676 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:05:32,678 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:32,679 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:32,679 INFO L85 PathProgramCache]: Analyzing trace with hash -1140437170, now seen corresponding path program 1 times [2022-02-20 18:05:32,679 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:32,679 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1171096100] [2022-02-20 18:05:32,679 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:32,680 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:32,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,828 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:05:32,831 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,835 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1733#return; {4521#true} is VALID [2022-02-20 18:05:32,836 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:05:32,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,844 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,844 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1735#return; {4521#true} is VALID [2022-02-20 18:05:32,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:05:32,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,851 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1737#return; {4521#true} is VALID [2022-02-20 18:05:32,852 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:32,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,864 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,864 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,864 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1739#return; {4521#true} is VALID [2022-02-20 18:05:32,865 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:05:32,889 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,892 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,892 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,892 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1741#return; {4521#true} is VALID [2022-02-20 18:05:32,893 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:05:32,895 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,897 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,898 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1743#return; {4521#true} is VALID [2022-02-20 18:05:32,898 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:05:32,900 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,902 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,902 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,902 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1745#return; {4521#true} is VALID [2022-02-20 18:05:32,902 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:05:32,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,906 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,907 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,907 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4521#true} {4521#true} #1747#return; {4521#true} is VALID [2022-02-20 18:05:32,913 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 50 [2022-02-20 18:05:32,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,917 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:32,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,921 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,921 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1731#return; {4521#true} is VALID [2022-02-20 18:05:32,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4521#true} is VALID [2022-02-20 18:05:32,922 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~bob___0, ~bob___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,922 INFO L290 TraceCheckUtils]: 2: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,922 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,922 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,923 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1731#return; {4521#true} is VALID [2022-02-20 18:05:32,923 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,923 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1753#return; {4522#false} is VALID [2022-02-20 18:05:32,923 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:05:32,925 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,927 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:32,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,931 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,931 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,931 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,931 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1683#return; {4521#true} is VALID [2022-02-20 18:05:32,931 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4521#true} is VALID [2022-02-20 18:05:32,932 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~rjh___0, ~rjh___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,932 INFO L290 TraceCheckUtils]: 2: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,933 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,933 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,933 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1683#return; {4521#true} is VALID [2022-02-20 18:05:32,933 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,933 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1759#return; {4522#false} is VALID [2022-02-20 18:05:32,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:05:32,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:32,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,941 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,942 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,942 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4521#true} #1625#return; {4521#true} is VALID [2022-02-20 18:05:32,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4521#true} is VALID [2022-02-20 18:05:32,943 INFO L272 TraceCheckUtils]: 1: Hoare triple {4521#true} call setClientId(~chuck___0, ~chuck___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,943 INFO L290 TraceCheckUtils]: 2: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,944 INFO L290 TraceCheckUtils]: 3: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,944 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,944 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {4521#true} {4521#true} #1625#return; {4521#true} is VALID [2022-02-20 18:05:32,944 INFO L290 TraceCheckUtils]: 6: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,944 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {4521#true} {4522#false} #1765#return; {4522#false} is VALID [2022-02-20 18:05:32,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:05:32,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,956 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,956 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,956 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,957 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1647#return; {4522#false} is VALID [2022-02-20 18:05:32,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:05:32,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {4604#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,968 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1649#return; {4522#false} is VALID [2022-02-20 18:05:32,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:05:32,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,971 INFO L290 TraceCheckUtils]: 0: Hoare triple {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,971 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,972 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1659#return; {4522#false} is VALID [2022-02-20 18:05:32,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:05:32,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:32,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~6; {4521#true} is VALID [2022-02-20 18:05:32,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {4521#true} is VALID [2022-02-20 18:05:32,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,975 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4521#true} {4522#false} #1661#return; {4522#false} is VALID [2022-02-20 18:05:32,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {4521#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {4521#true} is VALID [2022-02-20 18:05:32,976 INFO L290 TraceCheckUtils]: 1: Hoare triple {4521#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {4521#true} is VALID [2022-02-20 18:05:32,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {4521#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {4521#true} is VALID [2022-02-20 18:05:32,976 INFO L272 TraceCheckUtils]: 3: Hoare triple {4521#true} call select_features_#t~ret96#1 := select_one(); {4521#true} is VALID [2022-02-20 18:05:32,976 INFO L290 TraceCheckUtils]: 4: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,976 INFO L290 TraceCheckUtils]: 5: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,977 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {4521#true} {4521#true} #1733#return; {4521#true} is VALID [2022-02-20 18:05:32,977 INFO L290 TraceCheckUtils]: 7: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {4521#true} is VALID [2022-02-20 18:05:32,977 INFO L272 TraceCheckUtils]: 8: Hoare triple {4521#true} call select_features_#t~ret97#1 := select_one(); {4521#true} is VALID [2022-02-20 18:05:32,977 INFO L290 TraceCheckUtils]: 9: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,977 INFO L290 TraceCheckUtils]: 10: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,977 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {4521#true} {4521#true} #1735#return; {4521#true} is VALID [2022-02-20 18:05:32,977 INFO L290 TraceCheckUtils]: 12: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {4521#true} is VALID [2022-02-20 18:05:32,978 INFO L272 TraceCheckUtils]: 13: Hoare triple {4521#true} call select_features_#t~ret98#1 := select_one(); {4521#true} is VALID [2022-02-20 18:05:32,978 INFO L290 TraceCheckUtils]: 14: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,978 INFO L290 TraceCheckUtils]: 15: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,978 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4521#true} {4521#true} #1737#return; {4521#true} is VALID [2022-02-20 18:05:32,978 INFO L290 TraceCheckUtils]: 17: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {4521#true} is VALID [2022-02-20 18:05:32,978 INFO L272 TraceCheckUtils]: 18: Hoare triple {4521#true} call select_features_#t~ret99#1 := select_one(); {4521#true} is VALID [2022-02-20 18:05:32,979 INFO L290 TraceCheckUtils]: 19: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,979 INFO L290 TraceCheckUtils]: 20: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,979 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {4521#true} {4521#true} #1739#return; {4521#true} is VALID [2022-02-20 18:05:32,979 INFO L290 TraceCheckUtils]: 22: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {4521#true} is VALID [2022-02-20 18:05:32,979 INFO L272 TraceCheckUtils]: 23: Hoare triple {4521#true} call select_features_#t~ret100#1 := select_one(); {4521#true} is VALID [2022-02-20 18:05:32,979 INFO L290 TraceCheckUtils]: 24: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,979 INFO L290 TraceCheckUtils]: 25: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,980 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {4521#true} {4521#true} #1741#return; {4521#true} is VALID [2022-02-20 18:05:32,980 INFO L290 TraceCheckUtils]: 27: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {4521#true} is VALID [2022-02-20 18:05:32,980 INFO L272 TraceCheckUtils]: 28: Hoare triple {4521#true} call select_features_#t~ret101#1 := select_one(); {4521#true} is VALID [2022-02-20 18:05:32,980 INFO L290 TraceCheckUtils]: 29: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,980 INFO L290 TraceCheckUtils]: 30: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,980 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {4521#true} {4521#true} #1743#return; {4521#true} is VALID [2022-02-20 18:05:32,981 INFO L290 TraceCheckUtils]: 32: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {4521#true} is VALID [2022-02-20 18:05:32,981 INFO L272 TraceCheckUtils]: 33: Hoare triple {4521#true} call select_features_#t~ret102#1 := select_one(); {4521#true} is VALID [2022-02-20 18:05:32,981 INFO L290 TraceCheckUtils]: 34: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,981 INFO L290 TraceCheckUtils]: 35: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,981 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4521#true} {4521#true} #1745#return; {4521#true} is VALID [2022-02-20 18:05:32,981 INFO L290 TraceCheckUtils]: 37: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {4521#true} is VALID [2022-02-20 18:05:32,981 INFO L272 TraceCheckUtils]: 38: Hoare triple {4521#true} call select_features_#t~ret103#1 := select_one(); {4521#true} is VALID [2022-02-20 18:05:32,982 INFO L290 TraceCheckUtils]: 39: Hoare triple {4521#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {4521#true} is VALID [2022-02-20 18:05:32,982 INFO L290 TraceCheckUtils]: 40: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,982 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {4521#true} {4521#true} #1747#return; {4521#true} is VALID [2022-02-20 18:05:32,982 INFO L290 TraceCheckUtils]: 42: Hoare triple {4521#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {4521#true} is VALID [2022-02-20 18:05:32,982 INFO L290 TraceCheckUtils]: 43: Hoare triple {4521#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {4521#true} is VALID [2022-02-20 18:05:32,982 INFO L290 TraceCheckUtils]: 44: Hoare triple {4521#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {4521#true} is VALID [2022-02-20 18:05:32,983 INFO L290 TraceCheckUtils]: 45: Hoare triple {4521#true} assume !(0 != ~__SELECTED_FEATURE_Decrypt~0);valid_product_~tmp~20#1 := 0; {4547#(= |ULTIMATE.start_valid_product_~tmp~20#1| 0)} is VALID [2022-02-20 18:05:32,983 INFO L290 TraceCheckUtils]: 46: Hoare triple {4547#(= |ULTIMATE.start_valid_product_~tmp~20#1| 0)} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {4548#(= |ULTIMATE.start_valid_product_#res#1| 0)} is VALID [2022-02-20 18:05:32,984 INFO L290 TraceCheckUtils]: 47: Hoare triple {4548#(= |ULTIMATE.start_valid_product_#res#1| 0)} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {4549#(= |ULTIMATE.start_main_~tmp~14#1| 0)} is VALID [2022-02-20 18:05:32,984 INFO L290 TraceCheckUtils]: 48: Hoare triple {4549#(= |ULTIMATE.start_main_~tmp~14#1| 0)} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {4522#false} is VALID [2022-02-20 18:05:32,984 INFO L290 TraceCheckUtils]: 49: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 18:05:32,985 INFO L272 TraceCheckUtils]: 50: Hoare triple {4522#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,985 INFO L290 TraceCheckUtils]: 51: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {4521#true} is VALID [2022-02-20 18:05:32,985 INFO L272 TraceCheckUtils]: 52: Hoare triple {4521#true} call setClientId(~bob___0, ~bob___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,986 INFO L290 TraceCheckUtils]: 53: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,986 INFO L290 TraceCheckUtils]: 54: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,986 INFO L290 TraceCheckUtils]: 55: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,986 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {4521#true} {4521#true} #1731#return; {4521#true} is VALID [2022-02-20 18:05:32,986 INFO L290 TraceCheckUtils]: 57: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,986 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4521#true} {4522#false} #1753#return; {4522#false} is VALID [2022-02-20 18:05:32,987 INFO L290 TraceCheckUtils]: 59: Hoare triple {4522#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {4522#false} is VALID [2022-02-20 18:05:32,987 INFO L290 TraceCheckUtils]: 60: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 18:05:32,987 INFO L272 TraceCheckUtils]: 61: Hoare triple {4522#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,987 INFO L290 TraceCheckUtils]: 62: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {4521#true} is VALID [2022-02-20 18:05:32,988 INFO L272 TraceCheckUtils]: 63: Hoare triple {4521#true} call setClientId(~rjh___0, ~rjh___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,988 INFO L290 TraceCheckUtils]: 64: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,988 INFO L290 TraceCheckUtils]: 65: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,988 INFO L290 TraceCheckUtils]: 66: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,988 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {4521#true} {4521#true} #1683#return; {4521#true} is VALID [2022-02-20 18:05:32,988 INFO L290 TraceCheckUtils]: 68: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,989 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {4521#true} {4522#false} #1759#return; {4522#false} is VALID [2022-02-20 18:05:32,989 INFO L290 TraceCheckUtils]: 70: Hoare triple {4522#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {4522#false} is VALID [2022-02-20 18:05:32,989 INFO L290 TraceCheckUtils]: 71: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {4522#false} is VALID [2022-02-20 18:05:32,989 INFO L272 TraceCheckUtils]: 72: Hoare triple {4522#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,989 INFO L290 TraceCheckUtils]: 73: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {4521#true} is VALID [2022-02-20 18:05:32,990 INFO L272 TraceCheckUtils]: 74: Hoare triple {4521#true} call setClientId(~chuck___0, ~chuck___0); {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:32,990 INFO L290 TraceCheckUtils]: 75: Hoare triple {4590#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,990 INFO L290 TraceCheckUtils]: 76: Hoare triple {4521#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,990 INFO L290 TraceCheckUtils]: 77: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,990 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {4521#true} {4521#true} #1625#return; {4521#true} is VALID [2022-02-20 18:05:32,991 INFO L290 TraceCheckUtils]: 79: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,991 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {4521#true} {4522#false} #1765#return; {4522#false} is VALID [2022-02-20 18:05:32,991 INFO L290 TraceCheckUtils]: 81: Hoare triple {4522#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {4522#false} is VALID [2022-02-20 18:05:32,991 INFO L290 TraceCheckUtils]: 82: Hoare triple {4522#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4522#false} is VALID [2022-02-20 18:05:32,991 INFO L290 TraceCheckUtils]: 83: Hoare triple {4522#false} assume !false; {4522#false} is VALID [2022-02-20 18:05:32,991 INFO L290 TraceCheckUtils]: 84: Hoare triple {4522#false} assume !(test_~splverifierCounter~0#1 < 4); {4522#false} is VALID [2022-02-20 18:05:32,992 INFO L290 TraceCheckUtils]: 85: Hoare triple {4522#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {4522#false} is VALID [2022-02-20 18:05:32,992 INFO L272 TraceCheckUtils]: 86: Hoare triple {4522#false} call sendEmail(~bob~0, ~rjh~0); {4522#false} is VALID [2022-02-20 18:05:32,992 INFO L290 TraceCheckUtils]: 87: Hoare triple {4522#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4522#false} is VALID [2022-02-20 18:05:32,992 INFO L272 TraceCheckUtils]: 88: Hoare triple {4522#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:32,992 INFO L290 TraceCheckUtils]: 89: Hoare triple {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,992 INFO L290 TraceCheckUtils]: 90: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,993 INFO L290 TraceCheckUtils]: 91: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,993 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4521#true} {4522#false} #1647#return; {4522#false} is VALID [2022-02-20 18:05:32,993 INFO L272 TraceCheckUtils]: 93: Hoare triple {4522#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4604#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:32,993 INFO L290 TraceCheckUtils]: 94: Hoare triple {4604#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,993 INFO L290 TraceCheckUtils]: 95: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,993 INFO L290 TraceCheckUtils]: 96: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,993 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {4521#true} {4522#false} #1649#return; {4522#false} is VALID [2022-02-20 18:05:32,994 INFO L290 TraceCheckUtils]: 98: Hoare triple {4522#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {4522#false} is VALID [2022-02-20 18:05:32,994 INFO L290 TraceCheckUtils]: 99: Hoare triple {4522#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {4522#false} is VALID [2022-02-20 18:05:32,994 INFO L272 TraceCheckUtils]: 100: Hoare triple {4522#false} call outgoing(~sender#1, ~email~0#1); {4522#false} is VALID [2022-02-20 18:05:32,994 INFO L290 TraceCheckUtils]: 101: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 18:05:32,994 INFO L290 TraceCheckUtils]: 102: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {4522#false} is VALID [2022-02-20 18:05:32,994 INFO L272 TraceCheckUtils]: 103: Hoare triple {4522#false} call outgoing__before__Sign(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 18:05:32,994 INFO L290 TraceCheckUtils]: 104: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 18:05:32,995 INFO L290 TraceCheckUtils]: 105: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {4522#false} is VALID [2022-02-20 18:05:32,995 INFO L272 TraceCheckUtils]: 106: Hoare triple {4522#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 18:05:32,995 INFO L290 TraceCheckUtils]: 107: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {4522#false} is VALID [2022-02-20 18:05:32,995 INFO L290 TraceCheckUtils]: 108: Hoare triple {4522#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {4522#false} is VALID [2022-02-20 18:05:32,995 INFO L272 TraceCheckUtils]: 109: Hoare triple {4522#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {4522#false} is VALID [2022-02-20 18:05:32,995 INFO L290 TraceCheckUtils]: 110: Hoare triple {4522#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {4522#false} is VALID [2022-02-20 18:05:32,996 INFO L290 TraceCheckUtils]: 111: Hoare triple {4522#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {4522#false} is VALID [2022-02-20 18:05:32,996 INFO L290 TraceCheckUtils]: 112: Hoare triple {4522#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {4522#false} is VALID [2022-02-20 18:05:32,996 INFO L272 TraceCheckUtils]: 113: Hoare triple {4522#false} call setEmailFrom(~msg#1, ~tmp~2#1); {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:32,996 INFO L290 TraceCheckUtils]: 114: Hoare triple {4603#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4521#true} is VALID [2022-02-20 18:05:32,996 INFO L290 TraceCheckUtils]: 115: Hoare triple {4521#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4521#true} is VALID [2022-02-20 18:05:32,996 INFO L290 TraceCheckUtils]: 116: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,996 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {4521#true} {4522#false} #1659#return; {4522#false} is VALID [2022-02-20 18:05:32,997 INFO L290 TraceCheckUtils]: 118: Hoare triple {4522#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {4522#false} is VALID [2022-02-20 18:05:32,997 INFO L290 TraceCheckUtils]: 119: Hoare triple {4522#false} assume 0 != ~in_encrypted~0; {4522#false} is VALID [2022-02-20 18:05:32,997 INFO L272 TraceCheckUtils]: 120: Hoare triple {4522#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {4521#true} is VALID [2022-02-20 18:05:32,997 INFO L290 TraceCheckUtils]: 121: Hoare triple {4521#true} ~handle := #in~handle;havoc ~retValue_acc~6; {4521#true} is VALID [2022-02-20 18:05:32,997 INFO L290 TraceCheckUtils]: 122: Hoare triple {4521#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {4521#true} is VALID [2022-02-20 18:05:32,997 INFO L290 TraceCheckUtils]: 123: Hoare triple {4521#true} assume true; {4521#true} is VALID [2022-02-20 18:05:32,997 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {4521#true} {4522#false} #1661#return; {4522#false} is VALID [2022-02-20 18:05:32,998 INFO L290 TraceCheckUtils]: 125: Hoare triple {4522#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {4522#false} is VALID [2022-02-20 18:05:32,998 INFO L290 TraceCheckUtils]: 126: Hoare triple {4522#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {4522#false} is VALID [2022-02-20 18:05:32,998 INFO L290 TraceCheckUtils]: 127: Hoare triple {4522#false} assume !false; {4522#false} is VALID [2022-02-20 18:05:32,998 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:05:32,999 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:32,999 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1171096100] [2022-02-20 18:05:32,999 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1171096100] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:32,999 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:32,999 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:05:32,999 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1200126994] [2022-02-20 18:05:33,000 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:33,001 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 128 [2022-02-20 18:05:33,002 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:33,002 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:33,103 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:33,103 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:05:33,104 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:33,104 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:05:33,104 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:05:33,105 INFO L87 Difference]: Start difference. First operand 597 states and 888 transitions. Second operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:43,394 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:43,394 INFO L93 Difference]: Finished difference Result 1300 states and 1960 transitions. [2022-02-20 18:05:43,394 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 18:05:43,395 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 128 [2022-02-20 18:05:43,395 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:43,395 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:43,427 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1960 transitions. [2022-02-20 18:05:43,427 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:43,462 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1960 transitions. [2022-02-20 18:05:43,462 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1960 transitions. [2022-02-20 18:05:45,354 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1960 edges. 1960 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:45,386 INFO L225 Difference]: With dead ends: 1300 [2022-02-20 18:05:45,386 INFO L226 Difference]: Without dead ends: 739 [2022-02-20 18:05:45,389 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:05:45,390 INFO L933 BasicCegarLoop]: 914 mSDtfsCounter, 1349 mSDsluCounter, 1474 mSDsCounter, 0 mSdLazyCounter, 2942 mSolverCounterSat, 643 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1354 SdHoareTripleChecker+Valid, 2388 SdHoareTripleChecker+Invalid, 3585 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 643 IncrementalHoareTripleChecker+Valid, 2942 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:45,390 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1354 Valid, 2388 Invalid, 3585 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [643 Valid, 2942 Invalid, 0 Unknown, 0 Unchecked, 4.6s Time] [2022-02-20 18:05:45,392 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 739 states. [2022-02-20 18:05:45,416 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 739 to 597. [2022-02-20 18:05:45,417 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:45,418 INFO L82 GeneralOperation]: Start isEquivalent. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:05:45,419 INFO L74 IsIncluded]: Start isIncluded. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:05:45,420 INFO L87 Difference]: Start difference. First operand 739 states. Second operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:05:45,460 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:45,461 INFO L93 Difference]: Finished difference Result 739 states and 1121 transitions. [2022-02-20 18:05:45,461 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1121 transitions. [2022-02-20 18:05:45,464 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:45,464 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:45,465 INFO L74 IsIncluded]: Start isIncluded. First operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 739 states. [2022-02-20 18:05:45,467 INFO L87 Difference]: Start difference. First operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) Second operand 739 states. [2022-02-20 18:05:45,497 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:45,497 INFO L93 Difference]: Finished difference Result 739 states and 1121 transitions. [2022-02-20 18:05:45,497 INFO L276 IsEmpty]: Start isEmpty. Operand 739 states and 1121 transitions. [2022-02-20 18:05:45,500 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:45,500 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:45,500 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:45,500 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:45,502 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 597 states, 443 states have (on average 1.4943566591422122) internal successors, (662), 462 states have internal predecessors, (662), 110 states have call successors, (110), 43 states have call predecessors, (110), 43 states have return successors, (109), 108 states have call predecessors, (109), 109 states have call successors, (109) [2022-02-20 18:05:45,526 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 597 states to 597 states and 881 transitions. [2022-02-20 18:05:45,527 INFO L78 Accepts]: Start accepts. Automaton has 597 states and 881 transitions. Word has length 128 [2022-02-20 18:05:45,527 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:45,527 INFO L470 AbstractCegarLoop]: Abstraction has 597 states and 881 transitions. [2022-02-20 18:05:45,528 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:05:45,528 INFO L276 IsEmpty]: Start isEmpty. Operand 597 states and 881 transitions. [2022-02-20 18:05:45,530 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 134 [2022-02-20 18:05:45,530 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:45,530 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:45,530 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:05:45,530 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:45,531 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:45,531 INFO L85 PathProgramCache]: Analyzing trace with hash 123449077, now seen corresponding path program 1 times [2022-02-20 18:05:45,531 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:45,531 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1827981480] [2022-02-20 18:05:45,531 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:45,532 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:45,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:05:45,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,624 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8733#true} #1733#return; {8733#true} is VALID [2022-02-20 18:05:45,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:05:45,631 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,634 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,634 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,634 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8733#true} #1735#return; {8733#true} is VALID [2022-02-20 18:05:45,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:05:45,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,645 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1737#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:45,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,657 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1739#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:05:45,661 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,666 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,667 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1741#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:05:45,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,680 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,680 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,681 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1743#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:05:45,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,690 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1745#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:05:45,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,697 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1747#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,703 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:05:45,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,714 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:45,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,719 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,719 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,719 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,719 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8733#true} #1731#return; {8733#true} is VALID [2022-02-20 18:05:45,719 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8733#true} is VALID [2022-02-20 18:05:45,720 INFO L272 TraceCheckUtils]: 1: Hoare triple {8733#true} call setClientId(~bob___0, ~bob___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,720 INFO L290 TraceCheckUtils]: 2: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,720 INFO L290 TraceCheckUtils]: 3: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,721 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,721 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8733#true} {8733#true} #1731#return; {8733#true} is VALID [2022-02-20 18:05:45,721 INFO L290 TraceCheckUtils]: 6: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,721 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8733#true} {8734#false} #1753#return; {8734#false} is VALID [2022-02-20 18:05:45,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:05:45,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,726 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:45,727 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,729 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,729 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,729 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8733#true} #1683#return; {8733#true} is VALID [2022-02-20 18:05:45,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8733#true} is VALID [2022-02-20 18:05:45,730 INFO L272 TraceCheckUtils]: 1: Hoare triple {8733#true} call setClientId(~rjh___0, ~rjh___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,730 INFO L290 TraceCheckUtils]: 3: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,730 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,730 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8733#true} {8733#true} #1683#return; {8733#true} is VALID [2022-02-20 18:05:45,731 INFO L290 TraceCheckUtils]: 6: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,731 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8733#true} {8734#false} #1759#return; {8734#false} is VALID [2022-02-20 18:05:45,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:05:45,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:45,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,744 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8733#true} #1625#return; {8733#true} is VALID [2022-02-20 18:05:45,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8733#true} is VALID [2022-02-20 18:05:45,745 INFO L272 TraceCheckUtils]: 1: Hoare triple {8733#true} call setClientId(~chuck___0, ~chuck___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,745 INFO L290 TraceCheckUtils]: 2: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,745 INFO L290 TraceCheckUtils]: 3: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,745 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,746 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8733#true} {8733#true} #1625#return; {8733#true} is VALID [2022-02-20 18:05:45,746 INFO L290 TraceCheckUtils]: 6: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,746 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {8733#true} {8734#false} #1765#return; {8734#false} is VALID [2022-02-20 18:05:45,750 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:05:45,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,753 INFO L290 TraceCheckUtils]: 0: Hoare triple {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,753 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,753 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,754 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8734#false} #1647#return; {8734#false} is VALID [2022-02-20 18:05:45,758 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:05:45,760 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,762 INFO L290 TraceCheckUtils]: 0: Hoare triple {8814#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,762 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,762 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,762 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8734#false} #1649#return; {8734#false} is VALID [2022-02-20 18:05:45,762 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:05:45,763 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,765 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,766 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8734#false} #1659#return; {8734#false} is VALID [2022-02-20 18:05:45,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:05:45,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:45,768 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} ~handle := #in~handle;havoc ~retValue_acc~6; {8733#true} is VALID [2022-02-20 18:05:45,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {8733#true} is VALID [2022-02-20 18:05:45,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,769 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8733#true} {8734#false} #1661#return; {8734#false} is VALID [2022-02-20 18:05:45,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {8733#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8733#true} is VALID [2022-02-20 18:05:45,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {8733#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {8733#true} is VALID [2022-02-20 18:05:45,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {8733#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {8733#true} is VALID [2022-02-20 18:05:45,769 INFO L272 TraceCheckUtils]: 3: Hoare triple {8733#true} call select_features_#t~ret96#1 := select_one(); {8733#true} is VALID [2022-02-20 18:05:45,769 INFO L290 TraceCheckUtils]: 4: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,770 INFO L290 TraceCheckUtils]: 5: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,770 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {8733#true} {8733#true} #1733#return; {8733#true} is VALID [2022-02-20 18:05:45,770 INFO L290 TraceCheckUtils]: 7: Hoare triple {8733#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {8733#true} is VALID [2022-02-20 18:05:45,770 INFO L272 TraceCheckUtils]: 8: Hoare triple {8733#true} call select_features_#t~ret97#1 := select_one(); {8733#true} is VALID [2022-02-20 18:05:45,770 INFO L290 TraceCheckUtils]: 9: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,770 INFO L290 TraceCheckUtils]: 10: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,770 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {8733#true} {8733#true} #1735#return; {8733#true} is VALID [2022-02-20 18:05:45,771 INFO L290 TraceCheckUtils]: 12: Hoare triple {8733#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,771 INFO L272 TraceCheckUtils]: 13: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret98#1 := select_one(); {8733#true} is VALID [2022-02-20 18:05:45,771 INFO L290 TraceCheckUtils]: 14: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,771 INFO L290 TraceCheckUtils]: 15: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,772 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1737#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,772 INFO L290 TraceCheckUtils]: 17: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,772 INFO L272 TraceCheckUtils]: 18: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret99#1 := select_one(); {8733#true} is VALID [2022-02-20 18:05:45,772 INFO L290 TraceCheckUtils]: 19: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,772 INFO L290 TraceCheckUtils]: 20: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,773 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1739#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,773 INFO L290 TraceCheckUtils]: 22: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,773 INFO L272 TraceCheckUtils]: 23: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret100#1 := select_one(); {8733#true} is VALID [2022-02-20 18:05:45,773 INFO L290 TraceCheckUtils]: 24: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,773 INFO L290 TraceCheckUtils]: 25: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,774 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1741#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,774 INFO L290 TraceCheckUtils]: 27: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,774 INFO L272 TraceCheckUtils]: 28: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret101#1 := select_one(); {8733#true} is VALID [2022-02-20 18:05:45,774 INFO L290 TraceCheckUtils]: 29: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,774 INFO L290 TraceCheckUtils]: 30: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,775 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1743#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,775 INFO L290 TraceCheckUtils]: 32: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,775 INFO L272 TraceCheckUtils]: 33: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret102#1 := select_one(); {8733#true} is VALID [2022-02-20 18:05:45,775 INFO L290 TraceCheckUtils]: 34: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,775 INFO L290 TraceCheckUtils]: 35: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,776 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1745#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,776 INFO L290 TraceCheckUtils]: 37: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,776 INFO L272 TraceCheckUtils]: 38: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} call select_features_#t~ret103#1 := select_one(); {8733#true} is VALID [2022-02-20 18:05:45,776 INFO L290 TraceCheckUtils]: 39: Hoare triple {8733#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {8733#true} is VALID [2022-02-20 18:05:45,776 INFO L290 TraceCheckUtils]: 40: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,777 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {8733#true} {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} #1747#return; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,777 INFO L290 TraceCheckUtils]: 42: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,777 INFO L290 TraceCheckUtils]: 43: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} is VALID [2022-02-20 18:05:45,778 INFO L290 TraceCheckUtils]: 44: Hoare triple {8741#(= ~__SELECTED_FEATURE_Encrypt~0 1)} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8734#false} is VALID [2022-02-20 18:05:45,778 INFO L290 TraceCheckUtils]: 45: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {8734#false} is VALID [2022-02-20 18:05:45,778 INFO L290 TraceCheckUtils]: 46: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Encrypt~0; {8734#false} is VALID [2022-02-20 18:05:45,778 INFO L290 TraceCheckUtils]: 47: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8734#false} is VALID [2022-02-20 18:05:45,778 INFO L290 TraceCheckUtils]: 48: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {8734#false} is VALID [2022-02-20 18:05:45,778 INFO L290 TraceCheckUtils]: 49: Hoare triple {8734#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {8734#false} is VALID [2022-02-20 18:05:45,778 INFO L290 TraceCheckUtils]: 50: Hoare triple {8734#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {8734#false} is VALID [2022-02-20 18:05:45,779 INFO L290 TraceCheckUtils]: 51: Hoare triple {8734#false} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {8734#false} is VALID [2022-02-20 18:05:45,779 INFO L290 TraceCheckUtils]: 52: Hoare triple {8734#false} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {8734#false} is VALID [2022-02-20 18:05:45,779 INFO L290 TraceCheckUtils]: 53: Hoare triple {8734#false} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {8734#false} is VALID [2022-02-20 18:05:45,779 INFO L290 TraceCheckUtils]: 54: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8734#false} is VALID [2022-02-20 18:05:45,779 INFO L272 TraceCheckUtils]: 55: Hoare triple {8734#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,779 INFO L290 TraceCheckUtils]: 56: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {8733#true} is VALID [2022-02-20 18:05:45,780 INFO L272 TraceCheckUtils]: 57: Hoare triple {8733#true} call setClientId(~bob___0, ~bob___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,780 INFO L290 TraceCheckUtils]: 58: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,780 INFO L290 TraceCheckUtils]: 59: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,780 INFO L290 TraceCheckUtils]: 60: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,780 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {8733#true} {8733#true} #1731#return; {8733#true} is VALID [2022-02-20 18:05:45,781 INFO L290 TraceCheckUtils]: 62: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,781 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {8733#true} {8734#false} #1753#return; {8734#false} is VALID [2022-02-20 18:05:45,781 INFO L290 TraceCheckUtils]: 64: Hoare triple {8734#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {8734#false} is VALID [2022-02-20 18:05:45,781 INFO L290 TraceCheckUtils]: 65: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8734#false} is VALID [2022-02-20 18:05:45,781 INFO L272 TraceCheckUtils]: 66: Hoare triple {8734#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,781 INFO L290 TraceCheckUtils]: 67: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {8733#true} is VALID [2022-02-20 18:05:45,782 INFO L272 TraceCheckUtils]: 68: Hoare triple {8733#true} call setClientId(~rjh___0, ~rjh___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,782 INFO L290 TraceCheckUtils]: 69: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,782 INFO L290 TraceCheckUtils]: 70: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,782 INFO L290 TraceCheckUtils]: 71: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,782 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {8733#true} {8733#true} #1683#return; {8733#true} is VALID [2022-02-20 18:05:45,782 INFO L290 TraceCheckUtils]: 73: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,782 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {8733#true} {8734#false} #1759#return; {8734#false} is VALID [2022-02-20 18:05:45,782 INFO L290 TraceCheckUtils]: 75: Hoare triple {8734#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {8734#false} is VALID [2022-02-20 18:05:45,783 INFO L290 TraceCheckUtils]: 76: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {8734#false} is VALID [2022-02-20 18:05:45,783 INFO L272 TraceCheckUtils]: 77: Hoare triple {8734#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,783 INFO L290 TraceCheckUtils]: 78: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {8733#true} is VALID [2022-02-20 18:05:45,783 INFO L272 TraceCheckUtils]: 79: Hoare triple {8733#true} call setClientId(~chuck___0, ~chuck___0); {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:45,784 INFO L290 TraceCheckUtils]: 80: Hoare triple {8800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,784 INFO L290 TraceCheckUtils]: 81: Hoare triple {8733#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,784 INFO L290 TraceCheckUtils]: 82: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,784 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {8733#true} {8733#true} #1625#return; {8733#true} is VALID [2022-02-20 18:05:45,784 INFO L290 TraceCheckUtils]: 84: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,784 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8733#true} {8734#false} #1765#return; {8734#false} is VALID [2022-02-20 18:05:45,784 INFO L290 TraceCheckUtils]: 86: Hoare triple {8734#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {8734#false} is VALID [2022-02-20 18:05:45,784 INFO L290 TraceCheckUtils]: 87: Hoare triple {8734#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8734#false} is VALID [2022-02-20 18:05:45,784 INFO L290 TraceCheckUtils]: 88: Hoare triple {8734#false} assume !false; {8734#false} is VALID [2022-02-20 18:05:45,785 INFO L290 TraceCheckUtils]: 89: Hoare triple {8734#false} assume !(test_~splverifierCounter~0#1 < 4); {8734#false} is VALID [2022-02-20 18:05:45,785 INFO L290 TraceCheckUtils]: 90: Hoare triple {8734#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {8734#false} is VALID [2022-02-20 18:05:45,785 INFO L272 TraceCheckUtils]: 91: Hoare triple {8734#false} call sendEmail(~bob~0, ~rjh~0); {8734#false} is VALID [2022-02-20 18:05:45,785 INFO L290 TraceCheckUtils]: 92: Hoare triple {8734#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8734#false} is VALID [2022-02-20 18:05:45,785 INFO L272 TraceCheckUtils]: 93: Hoare triple {8734#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:45,785 INFO L290 TraceCheckUtils]: 94: Hoare triple {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,785 INFO L290 TraceCheckUtils]: 95: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,785 INFO L290 TraceCheckUtils]: 96: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,786 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8733#true} {8734#false} #1647#return; {8734#false} is VALID [2022-02-20 18:05:45,786 INFO L272 TraceCheckUtils]: 98: Hoare triple {8734#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8814#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:45,786 INFO L290 TraceCheckUtils]: 99: Hoare triple {8814#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,786 INFO L290 TraceCheckUtils]: 100: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,786 INFO L290 TraceCheckUtils]: 101: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,786 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {8733#true} {8734#false} #1649#return; {8734#false} is VALID [2022-02-20 18:05:45,786 INFO L290 TraceCheckUtils]: 103: Hoare triple {8734#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {8734#false} is VALID [2022-02-20 18:05:45,786 INFO L290 TraceCheckUtils]: 104: Hoare triple {8734#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {8734#false} is VALID [2022-02-20 18:05:45,786 INFO L272 TraceCheckUtils]: 105: Hoare triple {8734#false} call outgoing(~sender#1, ~email~0#1); {8734#false} is VALID [2022-02-20 18:05:45,786 INFO L290 TraceCheckUtils]: 106: Hoare triple {8734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L290 TraceCheckUtils]: 107: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L272 TraceCheckUtils]: 108: Hoare triple {8734#false} call outgoing__before__Sign(~client#1, ~msg#1); {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L290 TraceCheckUtils]: 109: Hoare triple {8734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L290 TraceCheckUtils]: 110: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L272 TraceCheckUtils]: 111: Hoare triple {8734#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L290 TraceCheckUtils]: 112: Hoare triple {8734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L290 TraceCheckUtils]: 113: Hoare triple {8734#false} assume !(0 != ~__SELECTED_FEATURE_Encrypt~0); {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L272 TraceCheckUtils]: 114: Hoare triple {8734#false} call outgoing__before__Encrypt(~client#1, ~msg#1); {8734#false} is VALID [2022-02-20 18:05:45,787 INFO L290 TraceCheckUtils]: 115: Hoare triple {8734#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {8734#false} is VALID [2022-02-20 18:05:45,788 INFO L290 TraceCheckUtils]: 116: Hoare triple {8734#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {8734#false} is VALID [2022-02-20 18:05:45,788 INFO L290 TraceCheckUtils]: 117: Hoare triple {8734#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {8734#false} is VALID [2022-02-20 18:05:45,788 INFO L272 TraceCheckUtils]: 118: Hoare triple {8734#false} call setEmailFrom(~msg#1, ~tmp~2#1); {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:45,788 INFO L290 TraceCheckUtils]: 119: Hoare triple {8813#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8733#true} is VALID [2022-02-20 18:05:45,788 INFO L290 TraceCheckUtils]: 120: Hoare triple {8733#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8733#true} is VALID [2022-02-20 18:05:45,788 INFO L290 TraceCheckUtils]: 121: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,788 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {8733#true} {8734#false} #1659#return; {8734#false} is VALID [2022-02-20 18:05:45,788 INFO L290 TraceCheckUtils]: 123: Hoare triple {8734#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {8734#false} is VALID [2022-02-20 18:05:45,788 INFO L290 TraceCheckUtils]: 124: Hoare triple {8734#false} assume 0 != ~in_encrypted~0; {8734#false} is VALID [2022-02-20 18:05:45,789 INFO L272 TraceCheckUtils]: 125: Hoare triple {8734#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {8733#true} is VALID [2022-02-20 18:05:45,789 INFO L290 TraceCheckUtils]: 126: Hoare triple {8733#true} ~handle := #in~handle;havoc ~retValue_acc~6; {8733#true} is VALID [2022-02-20 18:05:45,789 INFO L290 TraceCheckUtils]: 127: Hoare triple {8733#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {8733#true} is VALID [2022-02-20 18:05:45,789 INFO L290 TraceCheckUtils]: 128: Hoare triple {8733#true} assume true; {8733#true} is VALID [2022-02-20 18:05:45,789 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {8733#true} {8734#false} #1661#return; {8734#false} is VALID [2022-02-20 18:05:45,789 INFO L290 TraceCheckUtils]: 130: Hoare triple {8734#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {8734#false} is VALID [2022-02-20 18:05:45,789 INFO L290 TraceCheckUtils]: 131: Hoare triple {8734#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {8734#false} is VALID [2022-02-20 18:05:45,789 INFO L290 TraceCheckUtils]: 132: Hoare triple {8734#false} assume !false; {8734#false} is VALID [2022-02-20 18:05:45,790 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:05:45,790 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:45,790 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1827981480] [2022-02-20 18:05:45,790 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1827981480] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:45,790 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:45,790 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:05:45,791 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [83597744] [2022-02-20 18:05:45,791 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:45,792 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) Word has length 133 [2022-02-20 18:05:45,792 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:45,792 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:05:45,872 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 110 edges. 110 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:45,873 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:05:45,873 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:45,873 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:05:45,874 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:05:45,874 INFO L87 Difference]: Start difference. First operand 597 states and 881 transitions. Second operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:05:51,700 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:51,701 INFO L93 Difference]: Finished difference Result 1310 states and 1992 transitions. [2022-02-20 18:05:51,701 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:05:51,701 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) Word has length 133 [2022-02-20 18:05:51,701 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:51,702 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:05:51,736 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1992 transitions. [2022-02-20 18:05:51,737 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:05:51,771 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1992 transitions. [2022-02-20 18:05:51,772 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1992 transitions. [2022-02-20 18:05:53,500 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1992 edges. 1992 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:53,529 INFO L225 Difference]: With dead ends: 1310 [2022-02-20 18:05:53,529 INFO L226 Difference]: Without dead ends: 738 [2022-02-20 18:05:53,531 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:05:53,532 INFO L933 BasicCegarLoop]: 883 mSDtfsCounter, 2066 mSDsluCounter, 662 mSDsCounter, 0 mSdLazyCounter, 521 mSolverCounterSat, 834 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2094 SdHoareTripleChecker+Valid, 1545 SdHoareTripleChecker+Invalid, 1355 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 834 IncrementalHoareTripleChecker+Valid, 521 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:53,532 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2094 Valid, 1545 Invalid, 1355 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [834 Valid, 521 Invalid, 0 Unknown, 0 Unchecked, 2.3s Time] [2022-02-20 18:05:53,534 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 738 states. [2022-02-20 18:05:53,552 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 738 to 596. [2022-02-20 18:05:53,552 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:53,553 INFO L82 GeneralOperation]: Start isEquivalent. First operand 738 states. Second operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:05:53,555 INFO L74 IsIncluded]: Start isIncluded. First operand 738 states. Second operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:05:53,556 INFO L87 Difference]: Start difference. First operand 738 states. Second operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:05:53,580 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:53,581 INFO L93 Difference]: Finished difference Result 738 states and 1108 transitions. [2022-02-20 18:05:53,581 INFO L276 IsEmpty]: Start isEmpty. Operand 738 states and 1108 transitions. [2022-02-20 18:05:53,583 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:53,583 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:53,585 INFO L74 IsIncluded]: Start isIncluded. First operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) Second operand 738 states. [2022-02-20 18:05:53,586 INFO L87 Difference]: Start difference. First operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) Second operand 738 states. [2022-02-20 18:05:53,611 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:53,612 INFO L93 Difference]: Finished difference Result 738 states and 1108 transitions. [2022-02-20 18:05:53,612 INFO L276 IsEmpty]: Start isEmpty. Operand 738 states and 1108 transitions. [2022-02-20 18:05:53,614 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:53,614 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:53,614 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:53,614 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:53,616 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 596 states, 444 states have (on average 1.481981981981982) internal successors, (658), 461 states have internal predecessors, (658), 107 states have call successors, (107), 44 states have call predecessors, (107), 44 states have return successors, (106), 105 states have call predecessors, (106), 106 states have call successors, (106) [2022-02-20 18:05:53,637 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 596 states to 596 states and 871 transitions. [2022-02-20 18:05:53,637 INFO L78 Accepts]: Start accepts. Automaton has 596 states and 871 transitions. Word has length 133 [2022-02-20 18:05:53,637 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:53,638 INFO L470 AbstractCegarLoop]: Abstraction has 596 states and 871 transitions. [2022-02-20 18:05:53,638 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 11.5) internal successors, (69), 3 states have internal predecessors, (69), 3 states have call successors, (23), 5 states have call predecessors, (23), 1 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 18:05:53,638 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 871 transitions. [2022-02-20 18:05:53,640 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 150 [2022-02-20 18:05:53,640 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:53,640 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:53,640 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:05:53,640 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:53,641 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:53,641 INFO L85 PathProgramCache]: Analyzing trace with hash 235987301, now seen corresponding path program 1 times [2022-02-20 18:05:53,641 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:53,641 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1510760123] [2022-02-20 18:05:53,641 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:53,641 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:53,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:05:53,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,712 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,712 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,712 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1733#return; {12952#true} is VALID [2022-02-20 18:05:53,712 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:05:53,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,717 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1735#return; {12952#true} is VALID [2022-02-20 18:05:53,717 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:05:53,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,722 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,722 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1737#return; {12952#true} is VALID [2022-02-20 18:05:53,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:05:53,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,727 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1739#return; {12952#true} is VALID [2022-02-20 18:05:53,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:05:53,729 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,732 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1741#return; {12952#true} is VALID [2022-02-20 18:05:53,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:05:53,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,736 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1743#return; {12952#true} is VALID [2022-02-20 18:05:53,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:05:53,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,742 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1745#return; {12952#true} is VALID [2022-02-20 18:05:53,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:05:53,744 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,746 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,747 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,747 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12952#true} {12952#true} #1747#return; {12952#true} is VALID [2022-02-20 18:05:53,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:05:53,753 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:53,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,759 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,760 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,760 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,760 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12952#true} #1731#return; {12952#true} is VALID [2022-02-20 18:05:53,760 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12952#true} is VALID [2022-02-20 18:05:53,761 INFO L272 TraceCheckUtils]: 1: Hoare triple {12952#true} call setClientId(~bob___0, ~bob___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,761 INFO L290 TraceCheckUtils]: 2: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,761 INFO L290 TraceCheckUtils]: 3: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,761 INFO L290 TraceCheckUtils]: 4: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,761 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12952#true} {12952#true} #1731#return; {12952#true} is VALID [2022-02-20 18:05:53,761 INFO L290 TraceCheckUtils]: 6: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,764 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12952#true} {12953#false} #1753#return; {12953#false} is VALID [2022-02-20 18:05:53,764 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:05:53,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:53,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,771 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,772 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12952#true} #1683#return; {12952#true} is VALID [2022-02-20 18:05:53,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12952#true} is VALID [2022-02-20 18:05:53,772 INFO L272 TraceCheckUtils]: 1: Hoare triple {12952#true} call setClientId(~rjh___0, ~rjh___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,773 INFO L290 TraceCheckUtils]: 2: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,773 INFO L290 TraceCheckUtils]: 3: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,773 INFO L290 TraceCheckUtils]: 4: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,773 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12952#true} {12952#true} #1683#return; {12952#true} is VALID [2022-02-20 18:05:53,773 INFO L290 TraceCheckUtils]: 6: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,773 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12952#true} {12953#false} #1759#return; {12953#false} is VALID [2022-02-20 18:05:53,773 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:05:53,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,777 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:05:53,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,781 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,781 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,781 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,782 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12952#true} #1625#return; {12952#true} is VALID [2022-02-20 18:05:53,782 INFO L290 TraceCheckUtils]: 0: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12952#true} is VALID [2022-02-20 18:05:53,782 INFO L272 TraceCheckUtils]: 1: Hoare triple {12952#true} call setClientId(~chuck___0, ~chuck___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,783 INFO L290 TraceCheckUtils]: 2: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,783 INFO L290 TraceCheckUtils]: 3: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,783 INFO L290 TraceCheckUtils]: 4: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,783 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12952#true} {12952#true} #1625#return; {12952#true} is VALID [2022-02-20 18:05:53,783 INFO L290 TraceCheckUtils]: 6: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,783 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12952#true} {12953#false} #1765#return; {12953#false} is VALID [2022-02-20 18:05:53,787 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:05:53,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,791 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,791 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1647#return; {12953#false} is VALID [2022-02-20 18:05:53,796 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:05:53,797 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,799 INFO L290 TraceCheckUtils]: 0: Hoare triple {13042#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,800 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1649#return; {12953#false} is VALID [2022-02-20 18:05:53,800 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:05:53,801 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} ~handle := #in~handle;havoc ~retValue_acc~3; {12952#true} is VALID [2022-02-20 18:05:53,803 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {12952#true} is VALID [2022-02-20 18:05:53,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,804 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1613#return; {12953#false} is VALID [2022-02-20 18:05:53,804 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:05:53,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {12952#true} is VALID [2022-02-20 18:05:53,808 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle; {12952#true} is VALID [2022-02-20 18:05:53,808 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {12952#true} is VALID [2022-02-20 18:05:53,808 INFO L290 TraceCheckUtils]: 3: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,809 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12952#true} {12953#false} #1615#return; {12953#false} is VALID [2022-02-20 18:05:53,809 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 18:05:53,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,817 INFO L290 TraceCheckUtils]: 0: Hoare triple {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,817 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,817 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,817 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1659#return; {12953#false} is VALID [2022-02-20 18:05:53,817 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 18:05:53,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:53,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} ~handle := #in~handle;havoc ~retValue_acc~6; {12952#true} is VALID [2022-02-20 18:05:53,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {12952#true} is VALID [2022-02-20 18:05:53,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,821 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12952#true} {12953#false} #1661#return; {12953#false} is VALID [2022-02-20 18:05:53,822 INFO L290 TraceCheckUtils]: 0: Hoare triple {12952#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {12952#true} is VALID [2022-02-20 18:05:53,822 INFO L290 TraceCheckUtils]: 1: Hoare triple {12952#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {12952#true} is VALID [2022-02-20 18:05:53,822 INFO L290 TraceCheckUtils]: 2: Hoare triple {12952#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {12952#true} is VALID [2022-02-20 18:05:53,822 INFO L272 TraceCheckUtils]: 3: Hoare triple {12952#true} call select_features_#t~ret96#1 := select_one(); {12952#true} is VALID [2022-02-20 18:05:53,822 INFO L290 TraceCheckUtils]: 4: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,822 INFO L290 TraceCheckUtils]: 5: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,822 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12952#true} {12952#true} #1733#return; {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L290 TraceCheckUtils]: 7: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L272 TraceCheckUtils]: 8: Hoare triple {12952#true} call select_features_#t~ret97#1 := select_one(); {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L290 TraceCheckUtils]: 9: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L290 TraceCheckUtils]: 10: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {12952#true} {12952#true} #1735#return; {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L290 TraceCheckUtils]: 12: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L272 TraceCheckUtils]: 13: Hoare triple {12952#true} call select_features_#t~ret98#1 := select_one(); {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L290 TraceCheckUtils]: 14: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L290 TraceCheckUtils]: 15: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,823 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12952#true} {12952#true} #1737#return; {12952#true} is VALID [2022-02-20 18:05:53,824 INFO L290 TraceCheckUtils]: 17: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {12952#true} is VALID [2022-02-20 18:05:53,824 INFO L272 TraceCheckUtils]: 18: Hoare triple {12952#true} call select_features_#t~ret99#1 := select_one(); {12952#true} is VALID [2022-02-20 18:05:53,837 INFO L290 TraceCheckUtils]: 19: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,837 INFO L290 TraceCheckUtils]: 20: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,837 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12952#true} {12952#true} #1739#return; {12952#true} is VALID [2022-02-20 18:05:53,837 INFO L290 TraceCheckUtils]: 22: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {12952#true} is VALID [2022-02-20 18:05:53,837 INFO L272 TraceCheckUtils]: 23: Hoare triple {12952#true} call select_features_#t~ret100#1 := select_one(); {12952#true} is VALID [2022-02-20 18:05:53,838 INFO L290 TraceCheckUtils]: 24: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,838 INFO L290 TraceCheckUtils]: 25: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,838 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {12952#true} {12952#true} #1741#return; {12952#true} is VALID [2022-02-20 18:05:53,839 INFO L290 TraceCheckUtils]: 27: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {12952#true} is VALID [2022-02-20 18:05:53,839 INFO L272 TraceCheckUtils]: 28: Hoare triple {12952#true} call select_features_#t~ret101#1 := select_one(); {12952#true} is VALID [2022-02-20 18:05:53,839 INFO L290 TraceCheckUtils]: 29: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L290 TraceCheckUtils]: 30: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {12952#true} {12952#true} #1743#return; {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L290 TraceCheckUtils]: 32: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L272 TraceCheckUtils]: 33: Hoare triple {12952#true} call select_features_#t~ret102#1 := select_one(); {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L290 TraceCheckUtils]: 34: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L290 TraceCheckUtils]: 35: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12952#true} {12952#true} #1745#return; {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L290 TraceCheckUtils]: 37: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {12952#true} is VALID [2022-02-20 18:05:53,840 INFO L272 TraceCheckUtils]: 38: Hoare triple {12952#true} call select_features_#t~ret103#1 := select_one(); {12952#true} is VALID [2022-02-20 18:05:53,841 INFO L290 TraceCheckUtils]: 39: Hoare triple {12952#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {12952#true} is VALID [2022-02-20 18:05:53,841 INFO L290 TraceCheckUtils]: 40: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,852 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12952#true} {12952#true} #1747#return; {12952#true} is VALID [2022-02-20 18:05:53,853 INFO L290 TraceCheckUtils]: 42: Hoare triple {12952#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {12952#true} is VALID [2022-02-20 18:05:53,853 INFO L290 TraceCheckUtils]: 43: Hoare triple {12952#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {12952#true} is VALID [2022-02-20 18:05:53,853 INFO L290 TraceCheckUtils]: 44: Hoare triple {12952#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {12952#true} is VALID [2022-02-20 18:05:53,854 INFO L290 TraceCheckUtils]: 45: Hoare triple {12952#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {12978#(not (= ~__SELECTED_FEATURE_Decrypt~0 0))} is VALID [2022-02-20 18:05:53,854 INFO L290 TraceCheckUtils]: 46: Hoare triple {12978#(not (= ~__SELECTED_FEATURE_Decrypt~0 0))} assume 0 == ~__SELECTED_FEATURE_Decrypt~0; {12953#false} is VALID [2022-02-20 18:05:53,854 INFO L290 TraceCheckUtils]: 47: Hoare triple {12953#false} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {12953#false} is VALID [2022-02-20 18:05:53,854 INFO L290 TraceCheckUtils]: 48: Hoare triple {12953#false} assume 0 != ~__SELECTED_FEATURE_Keys~0; {12953#false} is VALID [2022-02-20 18:05:53,854 INFO L290 TraceCheckUtils]: 49: Hoare triple {12953#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12953#false} is VALID [2022-02-20 18:05:53,855 INFO L290 TraceCheckUtils]: 50: Hoare triple {12953#false} assume 0 == ~__SELECTED_FEATURE_Verify~0; {12953#false} is VALID [2022-02-20 18:05:53,855 INFO L290 TraceCheckUtils]: 51: Hoare triple {12953#false} assume 0 == ~__SELECTED_FEATURE_Sign~0; {12953#false} is VALID [2022-02-20 18:05:53,855 INFO L290 TraceCheckUtils]: 52: Hoare triple {12953#false} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {12953#false} is VALID [2022-02-20 18:05:53,855 INFO L290 TraceCheckUtils]: 53: Hoare triple {12953#false} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {12953#false} is VALID [2022-02-20 18:05:53,855 INFO L290 TraceCheckUtils]: 54: Hoare triple {12953#false} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {12953#false} is VALID [2022-02-20 18:05:53,855 INFO L290 TraceCheckUtils]: 55: Hoare triple {12953#false} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {12953#false} is VALID [2022-02-20 18:05:53,855 INFO L290 TraceCheckUtils]: 56: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12953#false} is VALID [2022-02-20 18:05:53,856 INFO L272 TraceCheckUtils]: 57: Hoare triple {12953#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,856 INFO L290 TraceCheckUtils]: 58: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {12952#true} is VALID [2022-02-20 18:05:53,856 INFO L272 TraceCheckUtils]: 59: Hoare triple {12952#true} call setClientId(~bob___0, ~bob___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,857 INFO L290 TraceCheckUtils]: 60: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,857 INFO L290 TraceCheckUtils]: 61: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,857 INFO L290 TraceCheckUtils]: 62: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,857 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12952#true} {12952#true} #1731#return; {12952#true} is VALID [2022-02-20 18:05:53,857 INFO L290 TraceCheckUtils]: 64: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,857 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {12952#true} {12953#false} #1753#return; {12953#false} is VALID [2022-02-20 18:05:53,857 INFO L290 TraceCheckUtils]: 66: Hoare triple {12953#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {12953#false} is VALID [2022-02-20 18:05:53,857 INFO L290 TraceCheckUtils]: 67: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12953#false} is VALID [2022-02-20 18:05:53,857 INFO L272 TraceCheckUtils]: 68: Hoare triple {12953#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,858 INFO L290 TraceCheckUtils]: 69: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {12952#true} is VALID [2022-02-20 18:05:53,858 INFO L272 TraceCheckUtils]: 70: Hoare triple {12952#true} call setClientId(~rjh___0, ~rjh___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,858 INFO L290 TraceCheckUtils]: 71: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,858 INFO L290 TraceCheckUtils]: 72: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,859 INFO L290 TraceCheckUtils]: 73: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,859 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12952#true} {12952#true} #1683#return; {12952#true} is VALID [2022-02-20 18:05:53,859 INFO L290 TraceCheckUtils]: 75: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,859 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {12952#true} {12953#false} #1759#return; {12953#false} is VALID [2022-02-20 18:05:53,859 INFO L290 TraceCheckUtils]: 77: Hoare triple {12953#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {12953#false} is VALID [2022-02-20 18:05:53,859 INFO L290 TraceCheckUtils]: 78: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {12953#false} is VALID [2022-02-20 18:05:53,859 INFO L272 TraceCheckUtils]: 79: Hoare triple {12953#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,859 INFO L290 TraceCheckUtils]: 80: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {12952#true} is VALID [2022-02-20 18:05:53,860 INFO L272 TraceCheckUtils]: 81: Hoare triple {12952#true} call setClientId(~chuck___0, ~chuck___0); {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:05:53,860 INFO L290 TraceCheckUtils]: 82: Hoare triple {13028#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,860 INFO L290 TraceCheckUtils]: 83: Hoare triple {12952#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,860 INFO L290 TraceCheckUtils]: 84: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,860 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12952#true} {12952#true} #1625#return; {12952#true} is VALID [2022-02-20 18:05:53,861 INFO L290 TraceCheckUtils]: 86: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,861 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {12952#true} {12953#false} #1765#return; {12953#false} is VALID [2022-02-20 18:05:53,861 INFO L290 TraceCheckUtils]: 88: Hoare triple {12953#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {12953#false} is VALID [2022-02-20 18:05:53,861 INFO L290 TraceCheckUtils]: 89: Hoare triple {12953#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12953#false} is VALID [2022-02-20 18:05:53,861 INFO L290 TraceCheckUtils]: 90: Hoare triple {12953#false} assume !false; {12953#false} is VALID [2022-02-20 18:05:53,861 INFO L290 TraceCheckUtils]: 91: Hoare triple {12953#false} assume !(test_~splverifierCounter~0#1 < 4); {12953#false} is VALID [2022-02-20 18:05:53,861 INFO L290 TraceCheckUtils]: 92: Hoare triple {12953#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {12953#false} is VALID [2022-02-20 18:05:53,862 INFO L272 TraceCheckUtils]: 93: Hoare triple {12953#false} call sendEmail(~bob~0, ~rjh~0); {12953#false} is VALID [2022-02-20 18:05:53,862 INFO L290 TraceCheckUtils]: 94: Hoare triple {12953#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12953#false} is VALID [2022-02-20 18:05:53,862 INFO L272 TraceCheckUtils]: 95: Hoare triple {12953#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:53,862 INFO L290 TraceCheckUtils]: 96: Hoare triple {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,862 INFO L290 TraceCheckUtils]: 97: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,862 INFO L290 TraceCheckUtils]: 98: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,862 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {12952#true} {12953#false} #1647#return; {12953#false} is VALID [2022-02-20 18:05:53,863 INFO L272 TraceCheckUtils]: 100: Hoare triple {12953#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13042#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:05:53,863 INFO L290 TraceCheckUtils]: 101: Hoare triple {13042#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,863 INFO L290 TraceCheckUtils]: 102: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,863 INFO L290 TraceCheckUtils]: 103: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,863 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {12952#true} {12953#false} #1649#return; {12953#false} is VALID [2022-02-20 18:05:53,863 INFO L290 TraceCheckUtils]: 105: Hoare triple {12953#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {12953#false} is VALID [2022-02-20 18:05:53,863 INFO L290 TraceCheckUtils]: 106: Hoare triple {12953#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {12953#false} is VALID [2022-02-20 18:05:53,864 INFO L272 TraceCheckUtils]: 107: Hoare triple {12953#false} call outgoing(~sender#1, ~email~0#1); {12953#false} is VALID [2022-02-20 18:05:53,864 INFO L290 TraceCheckUtils]: 108: Hoare triple {12953#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12953#false} is VALID [2022-02-20 18:05:53,864 INFO L290 TraceCheckUtils]: 109: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {12953#false} is VALID [2022-02-20 18:05:53,864 INFO L272 TraceCheckUtils]: 110: Hoare triple {12953#false} call outgoing__before__Sign(~client#1, ~msg#1); {12953#false} is VALID [2022-02-20 18:05:53,864 INFO L290 TraceCheckUtils]: 111: Hoare triple {12953#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12953#false} is VALID [2022-02-20 18:05:53,864 INFO L290 TraceCheckUtils]: 112: Hoare triple {12953#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {12953#false} is VALID [2022-02-20 18:05:53,864 INFO L272 TraceCheckUtils]: 113: Hoare triple {12953#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {12953#false} is VALID [2022-02-20 18:05:53,864 INFO L290 TraceCheckUtils]: 114: Hoare triple {12953#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {12953#false} is VALID [2022-02-20 18:05:53,865 INFO L290 TraceCheckUtils]: 115: Hoare triple {12953#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {12953#false} is VALID [2022-02-20 18:05:53,865 INFO L272 TraceCheckUtils]: 116: Hoare triple {12953#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {12952#true} is VALID [2022-02-20 18:05:53,865 INFO L290 TraceCheckUtils]: 117: Hoare triple {12952#true} ~handle := #in~handle;havoc ~retValue_acc~3; {12952#true} is VALID [2022-02-20 18:05:53,865 INFO L290 TraceCheckUtils]: 118: Hoare triple {12952#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {12952#true} is VALID [2022-02-20 18:05:53,865 INFO L290 TraceCheckUtils]: 119: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,865 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {12952#true} {12953#false} #1613#return; {12953#false} is VALID [2022-02-20 18:05:53,866 INFO L290 TraceCheckUtils]: 121: Hoare triple {12953#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {12953#false} is VALID [2022-02-20 18:05:53,866 INFO L272 TraceCheckUtils]: 122: Hoare triple {12953#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {12952#true} is VALID [2022-02-20 18:05:53,866 INFO L290 TraceCheckUtils]: 123: Hoare triple {12952#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {12952#true} is VALID [2022-02-20 18:05:53,866 INFO L290 TraceCheckUtils]: 124: Hoare triple {12952#true} assume 1 == ~handle; {12952#true} is VALID [2022-02-20 18:05:53,866 INFO L290 TraceCheckUtils]: 125: Hoare triple {12952#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {12952#true} is VALID [2022-02-20 18:05:53,866 INFO L290 TraceCheckUtils]: 126: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,866 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {12952#true} {12953#false} #1615#return; {12953#false} is VALID [2022-02-20 18:05:53,866 INFO L290 TraceCheckUtils]: 128: Hoare triple {12953#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {12953#false} is VALID [2022-02-20 18:05:53,866 INFO L290 TraceCheckUtils]: 129: Hoare triple {12953#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {12953#false} is VALID [2022-02-20 18:05:53,867 INFO L272 TraceCheckUtils]: 130: Hoare triple {12953#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {12953#false} is VALID [2022-02-20 18:05:53,867 INFO L290 TraceCheckUtils]: 131: Hoare triple {12953#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {12953#false} is VALID [2022-02-20 18:05:53,867 INFO L290 TraceCheckUtils]: 132: Hoare triple {12953#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {12953#false} is VALID [2022-02-20 18:05:53,867 INFO L290 TraceCheckUtils]: 133: Hoare triple {12953#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {12953#false} is VALID [2022-02-20 18:05:53,867 INFO L272 TraceCheckUtils]: 134: Hoare triple {12953#false} call setEmailFrom(~msg#1, ~tmp~2#1); {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:05:53,867 INFO L290 TraceCheckUtils]: 135: Hoare triple {13041#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12952#true} is VALID [2022-02-20 18:05:53,867 INFO L290 TraceCheckUtils]: 136: Hoare triple {12952#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12952#true} is VALID [2022-02-20 18:05:53,867 INFO L290 TraceCheckUtils]: 137: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,868 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {12952#true} {12953#false} #1659#return; {12953#false} is VALID [2022-02-20 18:05:53,868 INFO L290 TraceCheckUtils]: 139: Hoare triple {12953#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {12953#false} is VALID [2022-02-20 18:05:53,868 INFO L290 TraceCheckUtils]: 140: Hoare triple {12953#false} assume 0 != ~in_encrypted~0; {12953#false} is VALID [2022-02-20 18:05:53,868 INFO L272 TraceCheckUtils]: 141: Hoare triple {12953#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {12952#true} is VALID [2022-02-20 18:05:53,868 INFO L290 TraceCheckUtils]: 142: Hoare triple {12952#true} ~handle := #in~handle;havoc ~retValue_acc~6; {12952#true} is VALID [2022-02-20 18:05:53,868 INFO L290 TraceCheckUtils]: 143: Hoare triple {12952#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {12952#true} is VALID [2022-02-20 18:05:53,868 INFO L290 TraceCheckUtils]: 144: Hoare triple {12952#true} assume true; {12952#true} is VALID [2022-02-20 18:05:53,868 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {12952#true} {12953#false} #1661#return; {12953#false} is VALID [2022-02-20 18:05:53,869 INFO L290 TraceCheckUtils]: 146: Hoare triple {12953#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {12953#false} is VALID [2022-02-20 18:05:53,869 INFO L290 TraceCheckUtils]: 147: Hoare triple {12953#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {12953#false} is VALID [2022-02-20 18:05:53,869 INFO L290 TraceCheckUtils]: 148: Hoare triple {12953#false} assume !false; {12953#false} is VALID [2022-02-20 18:05:53,869 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:05:53,869 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:53,870 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1510760123] [2022-02-20 18:05:53,870 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1510760123] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:53,870 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:53,870 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:05:53,870 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [828545114] [2022-02-20 18:05:53,870 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:53,871 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 149 [2022-02-20 18:05:53,872 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:53,872 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:05:53,964 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 126 edges. 126 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:53,965 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:05:53,965 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:53,965 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:05:53,965 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:05:53,966 INFO L87 Difference]: Start difference. First operand 596 states and 871 transitions. Second operand has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:05:59,112 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:59,112 INFO L93 Difference]: Finished difference Result 1302 states and 1952 transitions. [2022-02-20 18:05:59,112 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:05:59,112 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 149 [2022-02-20 18:05:59,113 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:59,113 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:05:59,132 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1950 transitions. [2022-02-20 18:05:59,133 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:05:59,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1950 transitions. [2022-02-20 18:05:59,154 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1950 transitions. [2022-02-20 18:06:00,824 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1950 edges. 1950 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:00,887 INFO L225 Difference]: With dead ends: 1302 [2022-02-20 18:06:00,888 INFO L226 Difference]: Without dead ends: 736 [2022-02-20 18:06:00,890 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:06:00,900 INFO L933 BasicCegarLoop]: 890 mSDtfsCounter, 2027 mSDsluCounter, 679 mSDsCounter, 0 mSdLazyCounter, 510 mSolverCounterSat, 803 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2055 SdHoareTripleChecker+Valid, 1569 SdHoareTripleChecker+Invalid, 1313 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 803 IncrementalHoareTripleChecker+Valid, 510 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:00,902 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2055 Valid, 1569 Invalid, 1313 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [803 Valid, 510 Invalid, 0 Unknown, 0 Unchecked, 2.0s Time] [2022-02-20 18:06:00,904 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 736 states. [2022-02-20 18:06:00,923 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 736 to 595. [2022-02-20 18:06:00,924 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:00,925 INFO L82 GeneralOperation]: Start isEquivalent. First operand 736 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:06:00,926 INFO L74 IsIncluded]: Start isIncluded. First operand 736 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:06:00,928 INFO L87 Difference]: Start difference. First operand 736 states. Second operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:06:00,953 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:00,953 INFO L93 Difference]: Finished difference Result 736 states and 1099 transitions. [2022-02-20 18:06:00,953 INFO L276 IsEmpty]: Start isEmpty. Operand 736 states and 1099 transitions. [2022-02-20 18:06:00,955 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:00,955 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:00,956 INFO L74 IsIncluded]: Start isIncluded. First operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 736 states. [2022-02-20 18:06:00,958 INFO L87 Difference]: Start difference. First operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) Second operand 736 states. [2022-02-20 18:06:00,990 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:00,990 INFO L93 Difference]: Finished difference Result 736 states and 1099 transitions. [2022-02-20 18:06:00,990 INFO L276 IsEmpty]: Start isEmpty. Operand 736 states and 1099 transitions. [2022-02-20 18:06:00,992 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:00,992 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:00,992 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:00,993 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:00,994 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 595 states, 444 states have (on average 1.4774774774774775) internal successors, (656), 460 states have internal predecessors, (656), 106 states have call successors, (106), 44 states have call predecessors, (106), 44 states have return successors, (105), 104 states have call predecessors, (105), 105 states have call successors, (105) [2022-02-20 18:06:01,015 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 595 states to 595 states and 867 transitions. [2022-02-20 18:06:01,016 INFO L78 Accepts]: Start accepts. Automaton has 595 states and 867 transitions. Word has length 149 [2022-02-20 18:06:01,016 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:01,016 INFO L470 AbstractCegarLoop]: Abstraction has 595 states and 867 transitions. [2022-02-20 18:06:01,016 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.5) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:06:01,016 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 867 transitions. [2022-02-20 18:06:01,018 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 151 [2022-02-20 18:06:01,018 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:01,018 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:01,018 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:06:01,019 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:01,019 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:01,019 INFO L85 PathProgramCache]: Analyzing trace with hash -497393103, now seen corresponding path program 1 times [2022-02-20 18:06:01,019 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:01,019 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1506126861] [2022-02-20 18:06:01,019 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:01,020 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:01,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:06:01,096 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,103 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,103 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,103 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1733#return; {17160#true} is VALID [2022-02-20 18:06:01,103 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:06:01,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,109 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1735#return; {17160#true} is VALID [2022-02-20 18:06:01,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:01,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,115 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,115 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1737#return; {17160#true} is VALID [2022-02-20 18:06:01,116 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:06:01,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,122 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,122 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,122 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1739#return; {17160#true} is VALID [2022-02-20 18:06:01,123 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:06:01,125 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,128 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,128 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1741#return; {17160#true} is VALID [2022-02-20 18:06:01,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:06:01,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,135 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1743#return; {17160#true} is VALID [2022-02-20 18:06:01,135 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:06:01,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,140 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,140 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1745#return; {17160#true} is VALID [2022-02-20 18:06:01,140 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:06:01,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,146 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,146 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17160#true} {17160#true} #1747#return; {17160#true} is VALID [2022-02-20 18:06:01,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:06:01,153 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,156 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:01,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,160 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,161 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,161 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,161 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17160#true} #1731#return; {17160#true} is VALID [2022-02-20 18:06:01,161 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17160#true} is VALID [2022-02-20 18:06:01,162 INFO L272 TraceCheckUtils]: 1: Hoare triple {17160#true} call setClientId(~bob___0, ~bob___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,162 INFO L290 TraceCheckUtils]: 2: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,162 INFO L290 TraceCheckUtils]: 3: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,162 INFO L290 TraceCheckUtils]: 4: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,162 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17160#true} {17160#true} #1731#return; {17160#true} is VALID [2022-02-20 18:06:01,162 INFO L290 TraceCheckUtils]: 6: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,162 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17160#true} {17161#false} #1753#return; {17161#false} is VALID [2022-02-20 18:06:01,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:06:01,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,167 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:01,168 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,169 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,169 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,169 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,170 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17160#true} #1683#return; {17160#true} is VALID [2022-02-20 18:06:01,170 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17160#true} is VALID [2022-02-20 18:06:01,170 INFO L272 TraceCheckUtils]: 1: Hoare triple {17160#true} call setClientId(~rjh___0, ~rjh___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,170 INFO L290 TraceCheckUtils]: 2: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,171 INFO L290 TraceCheckUtils]: 3: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,171 INFO L290 TraceCheckUtils]: 4: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,171 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17160#true} {17160#true} #1683#return; {17160#true} is VALID [2022-02-20 18:06:01,171 INFO L290 TraceCheckUtils]: 6: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,171 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17160#true} {17161#false} #1759#return; {17161#false} is VALID [2022-02-20 18:06:01,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:06:01,173 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,175 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:01,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,177 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,177 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,177 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,177 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17160#true} #1625#return; {17160#true} is VALID [2022-02-20 18:06:01,177 INFO L290 TraceCheckUtils]: 0: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17160#true} is VALID [2022-02-20 18:06:01,178 INFO L272 TraceCheckUtils]: 1: Hoare triple {17160#true} call setClientId(~chuck___0, ~chuck___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,178 INFO L290 TraceCheckUtils]: 2: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,178 INFO L290 TraceCheckUtils]: 3: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,178 INFO L290 TraceCheckUtils]: 4: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,178 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17160#true} {17160#true} #1625#return; {17160#true} is VALID [2022-02-20 18:06:01,178 INFO L290 TraceCheckUtils]: 6: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,179 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {17160#true} {17161#false} #1765#return; {17161#false} is VALID [2022-02-20 18:06:01,183 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:06:01,184 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,186 INFO L290 TraceCheckUtils]: 0: Hoare triple {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,186 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,186 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,186 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1647#return; {17161#false} is VALID [2022-02-20 18:06:01,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:06:01,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,195 INFO L290 TraceCheckUtils]: 0: Hoare triple {17250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,196 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,196 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1649#return; {17161#false} is VALID [2022-02-20 18:06:01,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:06:01,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,199 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} ~handle := #in~handle;havoc ~retValue_acc~3; {17160#true} is VALID [2022-02-20 18:06:01,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {17160#true} is VALID [2022-02-20 18:06:01,199 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,200 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1613#return; {17161#false} is VALID [2022-02-20 18:06:01,200 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:06:01,201 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,203 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {17160#true} is VALID [2022-02-20 18:06:01,203 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle; {17160#true} is VALID [2022-02-20 18:06:01,203 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {17160#true} is VALID [2022-02-20 18:06:01,203 INFO L290 TraceCheckUtils]: 3: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,203 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17160#true} {17161#false} #1615#return; {17161#false} is VALID [2022-02-20 18:06:01,203 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:06:01,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,207 INFO L290 TraceCheckUtils]: 0: Hoare triple {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,207 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,208 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,208 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1659#return; {17161#false} is VALID [2022-02-20 18:06:01,208 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 18:06:01,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:01,210 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} ~handle := #in~handle;havoc ~retValue_acc~6; {17160#true} is VALID [2022-02-20 18:06:01,210 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {17160#true} is VALID [2022-02-20 18:06:01,210 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,211 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17160#true} {17161#false} #1661#return; {17161#false} is VALID [2022-02-20 18:06:01,211 INFO L290 TraceCheckUtils]: 0: Hoare triple {17160#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {17160#true} is VALID [2022-02-20 18:06:01,211 INFO L290 TraceCheckUtils]: 1: Hoare triple {17160#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {17160#true} is VALID [2022-02-20 18:06:01,211 INFO L290 TraceCheckUtils]: 2: Hoare triple {17160#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {17160#true} is VALID [2022-02-20 18:06:01,211 INFO L272 TraceCheckUtils]: 3: Hoare triple {17160#true} call select_features_#t~ret96#1 := select_one(); {17160#true} is VALID [2022-02-20 18:06:01,211 INFO L290 TraceCheckUtils]: 4: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,211 INFO L290 TraceCheckUtils]: 5: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {17160#true} {17160#true} #1733#return; {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L290 TraceCheckUtils]: 7: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L272 TraceCheckUtils]: 8: Hoare triple {17160#true} call select_features_#t~ret97#1 := select_one(); {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L290 TraceCheckUtils]: 9: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L290 TraceCheckUtils]: 10: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {17160#true} {17160#true} #1735#return; {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L290 TraceCheckUtils]: 12: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L272 TraceCheckUtils]: 13: Hoare triple {17160#true} call select_features_#t~ret98#1 := select_one(); {17160#true} is VALID [2022-02-20 18:06:01,212 INFO L290 TraceCheckUtils]: 14: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L290 TraceCheckUtils]: 15: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17160#true} {17160#true} #1737#return; {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L290 TraceCheckUtils]: 17: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L272 TraceCheckUtils]: 18: Hoare triple {17160#true} call select_features_#t~ret99#1 := select_one(); {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L290 TraceCheckUtils]: 19: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L290 TraceCheckUtils]: 20: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {17160#true} {17160#true} #1739#return; {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L290 TraceCheckUtils]: 22: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {17160#true} is VALID [2022-02-20 18:06:01,213 INFO L272 TraceCheckUtils]: 23: Hoare triple {17160#true} call select_features_#t~ret100#1 := select_one(); {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L290 TraceCheckUtils]: 24: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L290 TraceCheckUtils]: 25: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {17160#true} {17160#true} #1741#return; {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L290 TraceCheckUtils]: 27: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L272 TraceCheckUtils]: 28: Hoare triple {17160#true} call select_features_#t~ret101#1 := select_one(); {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L290 TraceCheckUtils]: 29: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L290 TraceCheckUtils]: 30: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {17160#true} {17160#true} #1743#return; {17160#true} is VALID [2022-02-20 18:06:01,214 INFO L290 TraceCheckUtils]: 32: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L272 TraceCheckUtils]: 33: Hoare triple {17160#true} call select_features_#t~ret102#1 := select_one(); {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L290 TraceCheckUtils]: 34: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L290 TraceCheckUtils]: 35: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17160#true} {17160#true} #1745#return; {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L290 TraceCheckUtils]: 37: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L272 TraceCheckUtils]: 38: Hoare triple {17160#true} call select_features_#t~ret103#1 := select_one(); {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L290 TraceCheckUtils]: 39: Hoare triple {17160#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L290 TraceCheckUtils]: 40: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {17160#true} {17160#true} #1747#return; {17160#true} is VALID [2022-02-20 18:06:01,215 INFO L290 TraceCheckUtils]: 42: Hoare triple {17160#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {17160#true} is VALID [2022-02-20 18:06:01,216 INFO L290 TraceCheckUtils]: 43: Hoare triple {17160#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {17160#true} is VALID [2022-02-20 18:06:01,216 INFO L290 TraceCheckUtils]: 44: Hoare triple {17160#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {17160#true} is VALID [2022-02-20 18:06:01,216 INFO L290 TraceCheckUtils]: 45: Hoare triple {17160#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {17160#true} is VALID [2022-02-20 18:06:01,216 INFO L290 TraceCheckUtils]: 46: Hoare triple {17160#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {17160#true} is VALID [2022-02-20 18:06:01,216 INFO L290 TraceCheckUtils]: 47: Hoare triple {17160#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {17160#true} is VALID [2022-02-20 18:06:01,216 INFO L290 TraceCheckUtils]: 48: Hoare triple {17160#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {17160#true} is VALID [2022-02-20 18:06:01,216 INFO L290 TraceCheckUtils]: 49: Hoare triple {17160#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:06:01,217 INFO L290 TraceCheckUtils]: 50: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:06:01,217 INFO L290 TraceCheckUtils]: 51: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Verify~0; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:06:01,217 INFO L290 TraceCheckUtils]: 52: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 == ~__SELECTED_FEATURE_Sign~0; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:06:01,218 INFO L290 TraceCheckUtils]: 53: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:06:01,218 INFO L290 TraceCheckUtils]: 54: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:06:01,218 INFO L290 TraceCheckUtils]: 55: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:06:01,218 INFO L290 TraceCheckUtils]: 56: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} is VALID [2022-02-20 18:06:01,219 INFO L290 TraceCheckUtils]: 57: Hoare triple {17186#(not (= ~__SELECTED_FEATURE_Keys~0 0))} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17161#false} is VALID [2022-02-20 18:06:01,219 INFO L272 TraceCheckUtils]: 58: Hoare triple {17161#false} call setup_bob__before__Keys(setup_bob_~bob___0#1); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,219 INFO L290 TraceCheckUtils]: 59: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {17160#true} is VALID [2022-02-20 18:06:01,220 INFO L272 TraceCheckUtils]: 60: Hoare triple {17160#true} call setClientId(~bob___0, ~bob___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,220 INFO L290 TraceCheckUtils]: 61: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,220 INFO L290 TraceCheckUtils]: 62: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,220 INFO L290 TraceCheckUtils]: 63: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,220 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {17160#true} {17160#true} #1731#return; {17160#true} is VALID [2022-02-20 18:06:01,220 INFO L290 TraceCheckUtils]: 65: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,220 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {17160#true} {17161#false} #1753#return; {17161#false} is VALID [2022-02-20 18:06:01,220 INFO L290 TraceCheckUtils]: 67: Hoare triple {17161#false} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {17161#false} is VALID [2022-02-20 18:06:01,220 INFO L290 TraceCheckUtils]: 68: Hoare triple {17161#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17161#false} is VALID [2022-02-20 18:06:01,220 INFO L272 TraceCheckUtils]: 69: Hoare triple {17161#false} call setup_rjh__before__Keys(setup_rjh_~rjh___0#1); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,221 INFO L290 TraceCheckUtils]: 70: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {17160#true} is VALID [2022-02-20 18:06:01,221 INFO L272 TraceCheckUtils]: 71: Hoare triple {17160#true} call setClientId(~rjh___0, ~rjh___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,221 INFO L290 TraceCheckUtils]: 72: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,221 INFO L290 TraceCheckUtils]: 73: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,222 INFO L290 TraceCheckUtils]: 74: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,222 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {17160#true} {17160#true} #1683#return; {17160#true} is VALID [2022-02-20 18:06:01,222 INFO L290 TraceCheckUtils]: 76: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,222 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {17160#true} {17161#false} #1759#return; {17161#false} is VALID [2022-02-20 18:06:01,222 INFO L290 TraceCheckUtils]: 78: Hoare triple {17161#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {17161#false} is VALID [2022-02-20 18:06:01,222 INFO L290 TraceCheckUtils]: 79: Hoare triple {17161#false} assume !(0 != ~__SELECTED_FEATURE_Keys~0); {17161#false} is VALID [2022-02-20 18:06:01,222 INFO L272 TraceCheckUtils]: 80: Hoare triple {17161#false} call setup_chuck__before__Keys(setup_chuck_~chuck___0#1); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,222 INFO L290 TraceCheckUtils]: 81: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {17160#true} is VALID [2022-02-20 18:06:01,223 INFO L272 TraceCheckUtils]: 82: Hoare triple {17160#true} call setClientId(~chuck___0, ~chuck___0); {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:01,223 INFO L290 TraceCheckUtils]: 83: Hoare triple {17236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,223 INFO L290 TraceCheckUtils]: 84: Hoare triple {17160#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,223 INFO L290 TraceCheckUtils]: 85: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,223 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {17160#true} {17160#true} #1625#return; {17160#true} is VALID [2022-02-20 18:06:01,224 INFO L290 TraceCheckUtils]: 87: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,224 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {17160#true} {17161#false} #1765#return; {17161#false} is VALID [2022-02-20 18:06:01,224 INFO L290 TraceCheckUtils]: 89: Hoare triple {17161#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {17161#false} is VALID [2022-02-20 18:06:01,224 INFO L290 TraceCheckUtils]: 90: Hoare triple {17161#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17161#false} is VALID [2022-02-20 18:06:01,224 INFO L290 TraceCheckUtils]: 91: Hoare triple {17161#false} assume !false; {17161#false} is VALID [2022-02-20 18:06:01,224 INFO L290 TraceCheckUtils]: 92: Hoare triple {17161#false} assume !(test_~splverifierCounter~0#1 < 4); {17161#false} is VALID [2022-02-20 18:06:01,224 INFO L290 TraceCheckUtils]: 93: Hoare triple {17161#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {17161#false} is VALID [2022-02-20 18:06:01,224 INFO L272 TraceCheckUtils]: 94: Hoare triple {17161#false} call sendEmail(~bob~0, ~rjh~0); {17161#false} is VALID [2022-02-20 18:06:01,225 INFO L290 TraceCheckUtils]: 95: Hoare triple {17161#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17161#false} is VALID [2022-02-20 18:06:01,225 INFO L272 TraceCheckUtils]: 96: Hoare triple {17161#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:01,225 INFO L290 TraceCheckUtils]: 97: Hoare triple {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,225 INFO L290 TraceCheckUtils]: 98: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,225 INFO L290 TraceCheckUtils]: 99: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,225 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {17160#true} {17161#false} #1647#return; {17161#false} is VALID [2022-02-20 18:06:01,225 INFO L272 TraceCheckUtils]: 101: Hoare triple {17161#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:06:01,225 INFO L290 TraceCheckUtils]: 102: Hoare triple {17250#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,225 INFO L290 TraceCheckUtils]: 103: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,225 INFO L290 TraceCheckUtils]: 104: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,226 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {17160#true} {17161#false} #1649#return; {17161#false} is VALID [2022-02-20 18:06:01,226 INFO L290 TraceCheckUtils]: 106: Hoare triple {17161#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {17161#false} is VALID [2022-02-20 18:06:01,226 INFO L290 TraceCheckUtils]: 107: Hoare triple {17161#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {17161#false} is VALID [2022-02-20 18:06:01,226 INFO L272 TraceCheckUtils]: 108: Hoare triple {17161#false} call outgoing(~sender#1, ~email~0#1); {17161#false} is VALID [2022-02-20 18:06:01,226 INFO L290 TraceCheckUtils]: 109: Hoare triple {17161#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17161#false} is VALID [2022-02-20 18:06:01,226 INFO L290 TraceCheckUtils]: 110: Hoare triple {17161#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {17161#false} is VALID [2022-02-20 18:06:01,226 INFO L272 TraceCheckUtils]: 111: Hoare triple {17161#false} call outgoing__before__Sign(~client#1, ~msg#1); {17161#false} is VALID [2022-02-20 18:06:01,226 INFO L290 TraceCheckUtils]: 112: Hoare triple {17161#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17161#false} is VALID [2022-02-20 18:06:01,226 INFO L290 TraceCheckUtils]: 113: Hoare triple {17161#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {17161#false} is VALID [2022-02-20 18:06:01,227 INFO L272 TraceCheckUtils]: 114: Hoare triple {17161#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {17161#false} is VALID [2022-02-20 18:06:01,227 INFO L290 TraceCheckUtils]: 115: Hoare triple {17161#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {17161#false} is VALID [2022-02-20 18:06:01,227 INFO L290 TraceCheckUtils]: 116: Hoare triple {17161#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {17161#false} is VALID [2022-02-20 18:06:01,227 INFO L272 TraceCheckUtils]: 117: Hoare triple {17161#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {17160#true} is VALID [2022-02-20 18:06:01,227 INFO L290 TraceCheckUtils]: 118: Hoare triple {17160#true} ~handle := #in~handle;havoc ~retValue_acc~3; {17160#true} is VALID [2022-02-20 18:06:01,227 INFO L290 TraceCheckUtils]: 119: Hoare triple {17160#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {17160#true} is VALID [2022-02-20 18:06:01,227 INFO L290 TraceCheckUtils]: 120: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,227 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {17160#true} {17161#false} #1613#return; {17161#false} is VALID [2022-02-20 18:06:01,227 INFO L290 TraceCheckUtils]: 122: Hoare triple {17161#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {17161#false} is VALID [2022-02-20 18:06:01,228 INFO L272 TraceCheckUtils]: 123: Hoare triple {17161#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {17160#true} is VALID [2022-02-20 18:06:01,228 INFO L290 TraceCheckUtils]: 124: Hoare triple {17160#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {17160#true} is VALID [2022-02-20 18:06:01,228 INFO L290 TraceCheckUtils]: 125: Hoare triple {17160#true} assume 1 == ~handle; {17160#true} is VALID [2022-02-20 18:06:01,228 INFO L290 TraceCheckUtils]: 126: Hoare triple {17160#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {17160#true} is VALID [2022-02-20 18:06:01,228 INFO L290 TraceCheckUtils]: 127: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,228 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {17160#true} {17161#false} #1615#return; {17161#false} is VALID [2022-02-20 18:06:01,228 INFO L290 TraceCheckUtils]: 129: Hoare triple {17161#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {17161#false} is VALID [2022-02-20 18:06:01,228 INFO L290 TraceCheckUtils]: 130: Hoare triple {17161#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {17161#false} is VALID [2022-02-20 18:06:01,228 INFO L272 TraceCheckUtils]: 131: Hoare triple {17161#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {17161#false} is VALID [2022-02-20 18:06:01,229 INFO L290 TraceCheckUtils]: 132: Hoare triple {17161#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {17161#false} is VALID [2022-02-20 18:06:01,229 INFO L290 TraceCheckUtils]: 133: Hoare triple {17161#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {17161#false} is VALID [2022-02-20 18:06:01,229 INFO L290 TraceCheckUtils]: 134: Hoare triple {17161#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {17161#false} is VALID [2022-02-20 18:06:01,229 INFO L272 TraceCheckUtils]: 135: Hoare triple {17161#false} call setEmailFrom(~msg#1, ~tmp~2#1); {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:01,229 INFO L290 TraceCheckUtils]: 136: Hoare triple {17249#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17160#true} is VALID [2022-02-20 18:06:01,229 INFO L290 TraceCheckUtils]: 137: Hoare triple {17160#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17160#true} is VALID [2022-02-20 18:06:01,229 INFO L290 TraceCheckUtils]: 138: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,229 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {17160#true} {17161#false} #1659#return; {17161#false} is VALID [2022-02-20 18:06:01,229 INFO L290 TraceCheckUtils]: 140: Hoare triple {17161#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {17161#false} is VALID [2022-02-20 18:06:01,230 INFO L290 TraceCheckUtils]: 141: Hoare triple {17161#false} assume 0 != ~in_encrypted~0; {17161#false} is VALID [2022-02-20 18:06:01,230 INFO L272 TraceCheckUtils]: 142: Hoare triple {17161#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {17160#true} is VALID [2022-02-20 18:06:01,230 INFO L290 TraceCheckUtils]: 143: Hoare triple {17160#true} ~handle := #in~handle;havoc ~retValue_acc~6; {17160#true} is VALID [2022-02-20 18:06:01,230 INFO L290 TraceCheckUtils]: 144: Hoare triple {17160#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {17160#true} is VALID [2022-02-20 18:06:01,230 INFO L290 TraceCheckUtils]: 145: Hoare triple {17160#true} assume true; {17160#true} is VALID [2022-02-20 18:06:01,230 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {17160#true} {17161#false} #1661#return; {17161#false} is VALID [2022-02-20 18:06:01,230 INFO L290 TraceCheckUtils]: 147: Hoare triple {17161#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {17161#false} is VALID [2022-02-20 18:06:01,230 INFO L290 TraceCheckUtils]: 148: Hoare triple {17161#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {17161#false} is VALID [2022-02-20 18:06:01,230 INFO L290 TraceCheckUtils]: 149: Hoare triple {17161#false} assume !false; {17161#false} is VALID [2022-02-20 18:06:01,231 INFO L134 CoverageAnalysis]: Checked inductivity of 100 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 100 trivial. 0 not checked. [2022-02-20 18:06:01,231 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:01,231 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1506126861] [2022-02-20 18:06:01,231 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1506126861] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:01,231 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:01,231 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:01,232 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1905458760] [2022-02-20 18:06:01,232 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:01,232 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 150 [2022-02-20 18:06:01,233 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:01,233 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:06:01,319 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 127 edges. 127 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:01,320 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:01,320 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:01,320 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:01,320 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:01,321 INFO L87 Difference]: Start difference. First operand 595 states and 867 transitions. Second operand has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:06:06,252 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:06,252 INFO L93 Difference]: Finished difference Result 1282 states and 1899 transitions. [2022-02-20 18:06:06,252 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:06:06,253 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 150 [2022-02-20 18:06:06,254 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:06,254 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:06:06,292 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1897 transitions. [2022-02-20 18:06:06,292 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:06:06,320 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1897 transitions. [2022-02-20 18:06:06,328 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1897 transitions. [2022-02-20 18:06:08,197 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1897 edges. 1897 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:08,251 INFO L225 Difference]: With dead ends: 1282 [2022-02-20 18:06:08,254 INFO L226 Difference]: Without dead ends: 733 [2022-02-20 18:06:08,256 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:06:08,257 INFO L933 BasicCegarLoop]: 865 mSDtfsCounter, 2018 mSDsluCounter, 617 mSDsCounter, 0 mSdLazyCounter, 527 mSolverCounterSat, 820 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 2042 SdHoareTripleChecker+Valid, 1482 SdHoareTripleChecker+Invalid, 1347 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 820 IncrementalHoareTripleChecker+Valid, 527 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:08,262 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [2042 Valid, 1482 Invalid, 1347 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [820 Valid, 527 Invalid, 0 Unknown, 0 Unchecked, 1.9s Time] [2022-02-20 18:06:08,264 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 733 states. [2022-02-20 18:06:08,316 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 733 to 592. [2022-02-20 18:06:08,316 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:08,317 INFO L82 GeneralOperation]: Start isEquivalent. First operand 733 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:06:08,318 INFO L74 IsIncluded]: Start isIncluded. First operand 733 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:06:08,330 INFO L87 Difference]: Start difference. First operand 733 states. Second operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:06:08,354 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:08,355 INFO L93 Difference]: Finished difference Result 733 states and 1079 transitions. [2022-02-20 18:06:08,355 INFO L276 IsEmpty]: Start isEmpty. Operand 733 states and 1079 transitions. [2022-02-20 18:06:08,357 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:08,357 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:08,358 INFO L74 IsIncluded]: Start isIncluded. First operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 733 states. [2022-02-20 18:06:08,360 INFO L87 Difference]: Start difference. First operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 733 states. [2022-02-20 18:06:08,383 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:08,383 INFO L93 Difference]: Finished difference Result 733 states and 1079 transitions. [2022-02-20 18:06:08,383 INFO L276 IsEmpty]: Start isEmpty. Operand 733 states and 1079 transitions. [2022-02-20 18:06:08,385 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:08,386 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:08,386 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:08,386 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:08,387 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 592 states, 444 states have (on average 1.4527027027027026) internal successors, (645), 455 states have internal predecessors, (645), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:06:08,408 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 592 states to 592 states and 850 transitions. [2022-02-20 18:06:08,409 INFO L78 Accepts]: Start accepts. Automaton has 592 states and 850 transitions. Word has length 150 [2022-02-20 18:06:08,409 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:08,409 INFO L470 AbstractCegarLoop]: Abstraction has 592 states and 850 transitions. [2022-02-20 18:06:08,409 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 13.666666666666666) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 5 states have call predecessors, (25), 1 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:06:08,409 INFO L276 IsEmpty]: Start isEmpty. Operand 592 states and 850 transitions. [2022-02-20 18:06:08,411 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 169 [2022-02-20 18:06:08,411 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:08,412 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:08,412 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:06:08,412 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:08,412 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:08,412 INFO L85 PathProgramCache]: Analyzing trace with hash 803790539, now seen corresponding path program 1 times [2022-02-20 18:06:08,412 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:08,413 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [939414041] [2022-02-20 18:06:08,413 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:08,413 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:08,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,484 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:06:08,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,492 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,492 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1733#return; {21323#true} is VALID [2022-02-20 18:06:08,493 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:06:08,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,496 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,496 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,496 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1735#return; {21323#true} is VALID [2022-02-20 18:06:08,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:08,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,499 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,499 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,499 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1737#return; {21323#true} is VALID [2022-02-20 18:06:08,500 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:06:08,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,505 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,505 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1739#return; {21323#true} is VALID [2022-02-20 18:06:08,506 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:06:08,508 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,510 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,510 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,510 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1741#return; {21323#true} is VALID [2022-02-20 18:06:08,510 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:06:08,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,514 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,514 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,514 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1743#return; {21323#true} is VALID [2022-02-20 18:06:08,514 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:06:08,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,518 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1745#return; {21323#true} is VALID [2022-02-20 18:06:08,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:06:08,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,525 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,525 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,525 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21323#true} {21323#true} #1747#return; {21323#true} is VALID [2022-02-20 18:06:08,530 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:06:08,532 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:08,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,536 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,536 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21323#true} #1731#return; {21323#true} is VALID [2022-02-20 18:06:08,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21323#true} is VALID [2022-02-20 18:06:08,537 INFO L272 TraceCheckUtils]: 1: Hoare triple {21323#true} call setClientId(~bob___0, ~bob___0); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,537 INFO L290 TraceCheckUtils]: 3: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,537 INFO L290 TraceCheckUtils]: 4: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,537 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21323#true} {21323#true} #1731#return; {21323#true} is VALID [2022-02-20 18:06:08,538 INFO L290 TraceCheckUtils]: 6: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,538 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21323#true} {21323#true} #1749#return; {21323#true} is VALID [2022-02-20 18:06:08,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:06:08,546 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,548 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21323#true} #1751#return; {21323#true} is VALID [2022-02-20 18:06:08,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:06:08,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:08,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,585 INFO L290 TraceCheckUtils]: 0: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21424#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:08,585 INFO L290 TraceCheckUtils]: 1: Hoare triple {21424#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21425#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:08,585 INFO L290 TraceCheckUtils]: 2: Hoare triple {21425#(= |setClientId_#in~handle| 1)} assume true; {21425#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:08,586 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21425#(= |setClientId_#in~handle| 1)} {21418#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:08,586 INFO L290 TraceCheckUtils]: 0: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21418#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:08,587 INFO L272 TraceCheckUtils]: 1: Hoare triple {21418#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,587 INFO L290 TraceCheckUtils]: 2: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21424#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:08,588 INFO L290 TraceCheckUtils]: 3: Hoare triple {21424#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21425#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:08,588 INFO L290 TraceCheckUtils]: 4: Hoare triple {21425#(= |setClientId_#in~handle| 1)} assume true; {21425#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:08,588 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21425#(= |setClientId_#in~handle| 1)} {21418#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:08,589 INFO L290 TraceCheckUtils]: 6: Hoare triple {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:08,589 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21362#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {21324#false} is VALID [2022-02-20 18:06:08,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:06:08,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,592 INFO L290 TraceCheckUtils]: 0: Hoare triple {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,593 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,593 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1757#return; {21324#false} is VALID [2022-02-20 18:06:08,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:06:08,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:08,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,600 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,600 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21323#true} #1625#return; {21323#true} is VALID [2022-02-20 18:06:08,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21323#true} is VALID [2022-02-20 18:06:08,601 INFO L272 TraceCheckUtils]: 1: Hoare triple {21323#true} call setClientId(~chuck___0, ~chuck___0); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,601 INFO L290 TraceCheckUtils]: 3: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,601 INFO L290 TraceCheckUtils]: 4: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,601 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21323#true} {21323#true} #1625#return; {21323#true} is VALID [2022-02-20 18:06:08,601 INFO L290 TraceCheckUtils]: 6: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,602 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {21323#true} {21324#false} #1761#return; {21324#false} is VALID [2022-02-20 18:06:08,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:06:08,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,605 INFO L290 TraceCheckUtils]: 0: Hoare triple {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,606 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,606 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,606 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1763#return; {21324#false} is VALID [2022-02-20 18:06:08,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:06:08,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {21430#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1647#return; {21324#false} is VALID [2022-02-20 18:06:08,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:06:08,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,628 INFO L290 TraceCheckUtils]: 0: Hoare triple {21431#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,629 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,629 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1649#return; {21324#false} is VALID [2022-02-20 18:06:08,629 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:06:08,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,634 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~3; {21323#true} is VALID [2022-02-20 18:06:08,635 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {21323#true} is VALID [2022-02-20 18:06:08,635 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,635 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1613#return; {21324#false} is VALID [2022-02-20 18:06:08,635 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 18:06:08,636 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,637 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {21323#true} is VALID [2022-02-20 18:06:08,637 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle; {21323#true} is VALID [2022-02-20 18:06:08,638 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {21323#true} is VALID [2022-02-20 18:06:08,638 INFO L290 TraceCheckUtils]: 3: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,638 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21323#true} {21324#false} #1615#return; {21324#false} is VALID [2022-02-20 18:06:08,638 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 18:06:08,639 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,641 INFO L290 TraceCheckUtils]: 0: Hoare triple {21430#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,641 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,642 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1659#return; {21324#false} is VALID [2022-02-20 18:06:08,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-02-20 18:06:08,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~6; {21323#true} is VALID [2022-02-20 18:06:08,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {21323#true} is VALID [2022-02-20 18:06:08,644 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,645 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21323#true} {21324#false} #1661#return; {21324#false} is VALID [2022-02-20 18:06:08,645 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {21323#true} is VALID [2022-02-20 18:06:08,645 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21323#true} is VALID [2022-02-20 18:06:08,645 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {21323#true} is VALID [2022-02-20 18:06:08,645 INFO L272 TraceCheckUtils]: 3: Hoare triple {21323#true} call select_features_#t~ret96#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:08,645 INFO L290 TraceCheckUtils]: 4: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,645 INFO L290 TraceCheckUtils]: 5: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,645 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21323#true} {21323#true} #1733#return; {21323#true} is VALID [2022-02-20 18:06:08,645 INFO L290 TraceCheckUtils]: 7: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {21323#true} is VALID [2022-02-20 18:06:08,646 INFO L272 TraceCheckUtils]: 8: Hoare triple {21323#true} call select_features_#t~ret97#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:08,646 INFO L290 TraceCheckUtils]: 9: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,646 INFO L290 TraceCheckUtils]: 10: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,646 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21323#true} {21323#true} #1735#return; {21323#true} is VALID [2022-02-20 18:06:08,646 INFO L290 TraceCheckUtils]: 12: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L272 TraceCheckUtils]: 13: Hoare triple {21323#true} call select_features_#t~ret98#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L290 TraceCheckUtils]: 14: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L290 TraceCheckUtils]: 15: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21323#true} {21323#true} #1737#return; {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L290 TraceCheckUtils]: 17: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L272 TraceCheckUtils]: 18: Hoare triple {21323#true} call select_features_#t~ret99#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L290 TraceCheckUtils]: 19: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L290 TraceCheckUtils]: 20: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,647 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21323#true} {21323#true} #1739#return; {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L290 TraceCheckUtils]: 22: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L272 TraceCheckUtils]: 23: Hoare triple {21323#true} call select_features_#t~ret100#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L290 TraceCheckUtils]: 24: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L290 TraceCheckUtils]: 25: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21323#true} {21323#true} #1741#return; {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L290 TraceCheckUtils]: 27: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L272 TraceCheckUtils]: 28: Hoare triple {21323#true} call select_features_#t~ret101#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L290 TraceCheckUtils]: 29: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,648 INFO L290 TraceCheckUtils]: 30: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21323#true} {21323#true} #1743#return; {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L290 TraceCheckUtils]: 32: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L272 TraceCheckUtils]: 33: Hoare triple {21323#true} call select_features_#t~ret102#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L290 TraceCheckUtils]: 34: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L290 TraceCheckUtils]: 35: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21323#true} {21323#true} #1745#return; {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L290 TraceCheckUtils]: 37: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L272 TraceCheckUtils]: 38: Hoare triple {21323#true} call select_features_#t~ret103#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L290 TraceCheckUtils]: 39: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:08,649 INFO L290 TraceCheckUtils]: 40: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21323#true} {21323#true} #1747#return; {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L290 TraceCheckUtils]: 42: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L290 TraceCheckUtils]: 43: Hoare triple {21323#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L290 TraceCheckUtils]: 44: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L290 TraceCheckUtils]: 45: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L290 TraceCheckUtils]: 46: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L290 TraceCheckUtils]: 47: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L290 TraceCheckUtils]: 48: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21323#true} is VALID [2022-02-20 18:06:08,650 INFO L290 TraceCheckUtils]: 49: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21323#true} is VALID [2022-02-20 18:06:08,651 INFO L290 TraceCheckUtils]: 50: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21323#true} is VALID [2022-02-20 18:06:08,651 INFO L290 TraceCheckUtils]: 51: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {21323#true} is VALID [2022-02-20 18:06:08,651 INFO L290 TraceCheckUtils]: 52: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21323#true} is VALID [2022-02-20 18:06:08,651 INFO L290 TraceCheckUtils]: 53: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {21323#true} is VALID [2022-02-20 18:06:08,651 INFO L290 TraceCheckUtils]: 54: Hoare triple {21323#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {21323#true} is VALID [2022-02-20 18:06:08,651 INFO L290 TraceCheckUtils]: 55: Hoare triple {21323#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {21323#true} is VALID [2022-02-20 18:06:08,651 INFO L290 TraceCheckUtils]: 56: Hoare triple {21323#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21323#true} is VALID [2022-02-20 18:06:08,651 INFO L290 TraceCheckUtils]: 57: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21323#true} is VALID [2022-02-20 18:06:08,652 INFO L272 TraceCheckUtils]: 58: Hoare triple {21323#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,652 INFO L290 TraceCheckUtils]: 59: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {21323#true} is VALID [2022-02-20 18:06:08,653 INFO L272 TraceCheckUtils]: 60: Hoare triple {21323#true} call setClientId(~bob___0, ~bob___0); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,653 INFO L290 TraceCheckUtils]: 61: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,653 INFO L290 TraceCheckUtils]: 62: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,653 INFO L290 TraceCheckUtils]: 63: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,653 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21323#true} {21323#true} #1731#return; {21323#true} is VALID [2022-02-20 18:06:08,653 INFO L290 TraceCheckUtils]: 65: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,653 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21323#true} {21323#true} #1749#return; {21323#true} is VALID [2022-02-20 18:06:08,654 INFO L272 TraceCheckUtils]: 67: Hoare triple {21323#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:08,654 INFO L290 TraceCheckUtils]: 68: Hoare triple {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,654 INFO L290 TraceCheckUtils]: 69: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,654 INFO L290 TraceCheckUtils]: 70: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,654 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21323#true} {21323#true} #1751#return; {21323#true} is VALID [2022-02-20 18:06:08,654 INFO L290 TraceCheckUtils]: 72: Hoare triple {21323#true} assume { :end_inline_setup_bob__role__Keys } true; {21323#true} is VALID [2022-02-20 18:06:08,655 INFO L290 TraceCheckUtils]: 73: Hoare triple {21323#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21361#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:06:08,655 INFO L290 TraceCheckUtils]: 74: Hoare triple {21361#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21362#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:06:08,656 INFO L272 TraceCheckUtils]: 75: Hoare triple {21362#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,656 INFO L290 TraceCheckUtils]: 76: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {21418#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:08,657 INFO L272 TraceCheckUtils]: 77: Hoare triple {21418#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,657 INFO L290 TraceCheckUtils]: 78: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21424#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:08,657 INFO L290 TraceCheckUtils]: 79: Hoare triple {21424#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21425#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:08,657 INFO L290 TraceCheckUtils]: 80: Hoare triple {21425#(= |setClientId_#in~handle| 1)} assume true; {21425#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:08,658 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21425#(= |setClientId_#in~handle| 1)} {21418#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:08,658 INFO L290 TraceCheckUtils]: 82: Hoare triple {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:08,658 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21423#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {21362#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {21324#false} is VALID [2022-02-20 18:06:08,659 INFO L272 TraceCheckUtils]: 84: Hoare triple {21324#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:08,659 INFO L290 TraceCheckUtils]: 85: Hoare triple {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,659 INFO L290 TraceCheckUtils]: 86: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,659 INFO L290 TraceCheckUtils]: 87: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,659 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21323#true} {21324#false} #1757#return; {21324#false} is VALID [2022-02-20 18:06:08,659 INFO L290 TraceCheckUtils]: 89: Hoare triple {21324#false} assume { :end_inline_setup_rjh__role__Keys } true; {21324#false} is VALID [2022-02-20 18:06:08,659 INFO L290 TraceCheckUtils]: 90: Hoare triple {21324#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21324#false} is VALID [2022-02-20 18:06:08,659 INFO L290 TraceCheckUtils]: 91: Hoare triple {21324#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21324#false} is VALID [2022-02-20 18:06:08,660 INFO L272 TraceCheckUtils]: 92: Hoare triple {21324#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,660 INFO L290 TraceCheckUtils]: 93: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {21323#true} is VALID [2022-02-20 18:06:08,660 INFO L272 TraceCheckUtils]: 94: Hoare triple {21323#true} call setClientId(~chuck___0, ~chuck___0); {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:08,660 INFO L290 TraceCheckUtils]: 95: Hoare triple {21412#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,660 INFO L290 TraceCheckUtils]: 96: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,660 INFO L290 TraceCheckUtils]: 97: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,661 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21323#true} {21323#true} #1625#return; {21323#true} is VALID [2022-02-20 18:06:08,661 INFO L290 TraceCheckUtils]: 99: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,661 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21323#true} {21324#false} #1761#return; {21324#false} is VALID [2022-02-20 18:06:08,661 INFO L272 TraceCheckUtils]: 101: Hoare triple {21324#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:08,661 INFO L290 TraceCheckUtils]: 102: Hoare triple {21417#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,661 INFO L290 TraceCheckUtils]: 103: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,661 INFO L290 TraceCheckUtils]: 104: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,661 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21323#true} {21324#false} #1763#return; {21324#false} is VALID [2022-02-20 18:06:08,661 INFO L290 TraceCheckUtils]: 106: Hoare triple {21324#false} assume { :end_inline_setup_chuck__role__Keys } true; {21324#false} is VALID [2022-02-20 18:06:08,662 INFO L290 TraceCheckUtils]: 107: Hoare triple {21324#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {21324#false} is VALID [2022-02-20 18:06:08,662 INFO L290 TraceCheckUtils]: 108: Hoare triple {21324#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21324#false} is VALID [2022-02-20 18:06:08,662 INFO L290 TraceCheckUtils]: 109: Hoare triple {21324#false} assume !false; {21324#false} is VALID [2022-02-20 18:06:08,662 INFO L290 TraceCheckUtils]: 110: Hoare triple {21324#false} assume !(test_~splverifierCounter~0#1 < 4); {21324#false} is VALID [2022-02-20 18:06:08,662 INFO L290 TraceCheckUtils]: 111: Hoare triple {21324#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {21324#false} is VALID [2022-02-20 18:06:08,662 INFO L272 TraceCheckUtils]: 112: Hoare triple {21324#false} call sendEmail(~bob~0, ~rjh~0); {21324#false} is VALID [2022-02-20 18:06:08,662 INFO L290 TraceCheckUtils]: 113: Hoare triple {21324#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21324#false} is VALID [2022-02-20 18:06:08,662 INFO L272 TraceCheckUtils]: 114: Hoare triple {21324#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21430#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:08,662 INFO L290 TraceCheckUtils]: 115: Hoare triple {21430#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,663 INFO L290 TraceCheckUtils]: 116: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,663 INFO L290 TraceCheckUtils]: 117: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,663 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21323#true} {21324#false} #1647#return; {21324#false} is VALID [2022-02-20 18:06:08,663 INFO L272 TraceCheckUtils]: 119: Hoare triple {21324#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21431#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:06:08,663 INFO L290 TraceCheckUtils]: 120: Hoare triple {21431#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,663 INFO L290 TraceCheckUtils]: 121: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,663 INFO L290 TraceCheckUtils]: 122: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,663 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21323#true} {21324#false} #1649#return; {21324#false} is VALID [2022-02-20 18:06:08,663 INFO L290 TraceCheckUtils]: 124: Hoare triple {21324#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L290 TraceCheckUtils]: 125: Hoare triple {21324#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L272 TraceCheckUtils]: 126: Hoare triple {21324#false} call outgoing(~sender#1, ~email~0#1); {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L290 TraceCheckUtils]: 127: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L290 TraceCheckUtils]: 128: Hoare triple {21324#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L272 TraceCheckUtils]: 129: Hoare triple {21324#false} call outgoing__before__Sign(~client#1, ~msg#1); {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L290 TraceCheckUtils]: 130: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L290 TraceCheckUtils]: 131: Hoare triple {21324#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L272 TraceCheckUtils]: 132: Hoare triple {21324#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21324#false} is VALID [2022-02-20 18:06:08,664 INFO L290 TraceCheckUtils]: 133: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:06:08,665 INFO L290 TraceCheckUtils]: 134: Hoare triple {21324#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {21324#false} is VALID [2022-02-20 18:06:08,665 INFO L272 TraceCheckUtils]: 135: Hoare triple {21324#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {21323#true} is VALID [2022-02-20 18:06:08,665 INFO L290 TraceCheckUtils]: 136: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~3; {21323#true} is VALID [2022-02-20 18:06:08,665 INFO L290 TraceCheckUtils]: 137: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {21323#true} is VALID [2022-02-20 18:06:08,665 INFO L290 TraceCheckUtils]: 138: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,665 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {21323#true} {21324#false} #1613#return; {21324#false} is VALID [2022-02-20 18:06:08,665 INFO L290 TraceCheckUtils]: 140: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {21324#false} is VALID [2022-02-20 18:06:08,665 INFO L272 TraceCheckUtils]: 141: Hoare triple {21324#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {21323#true} is VALID [2022-02-20 18:06:08,665 INFO L290 TraceCheckUtils]: 142: Hoare triple {21323#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {21323#true} is VALID [2022-02-20 18:06:08,666 INFO L290 TraceCheckUtils]: 143: Hoare triple {21323#true} assume 1 == ~handle; {21323#true} is VALID [2022-02-20 18:06:08,666 INFO L290 TraceCheckUtils]: 144: Hoare triple {21323#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {21323#true} is VALID [2022-02-20 18:06:08,666 INFO L290 TraceCheckUtils]: 145: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,666 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {21323#true} {21324#false} #1615#return; {21324#false} is VALID [2022-02-20 18:06:08,666 INFO L290 TraceCheckUtils]: 147: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {21324#false} is VALID [2022-02-20 18:06:08,666 INFO L290 TraceCheckUtils]: 148: Hoare triple {21324#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {21324#false} is VALID [2022-02-20 18:06:08,666 INFO L272 TraceCheckUtils]: 149: Hoare triple {21324#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {21324#false} is VALID [2022-02-20 18:06:08,666 INFO L290 TraceCheckUtils]: 150: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {21324#false} is VALID [2022-02-20 18:06:08,666 INFO L290 TraceCheckUtils]: 151: Hoare triple {21324#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {21324#false} is VALID [2022-02-20 18:06:08,667 INFO L290 TraceCheckUtils]: 152: Hoare triple {21324#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {21324#false} is VALID [2022-02-20 18:06:08,667 INFO L272 TraceCheckUtils]: 153: Hoare triple {21324#false} call setEmailFrom(~msg#1, ~tmp~2#1); {21430#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:08,667 INFO L290 TraceCheckUtils]: 154: Hoare triple {21430#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:08,667 INFO L290 TraceCheckUtils]: 155: Hoare triple {21323#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:08,667 INFO L290 TraceCheckUtils]: 156: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,667 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21323#true} {21324#false} #1659#return; {21324#false} is VALID [2022-02-20 18:06:08,667 INFO L290 TraceCheckUtils]: 158: Hoare triple {21324#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {21324#false} is VALID [2022-02-20 18:06:08,667 INFO L290 TraceCheckUtils]: 159: Hoare triple {21324#false} assume 0 != ~in_encrypted~0; {21324#false} is VALID [2022-02-20 18:06:08,667 INFO L272 TraceCheckUtils]: 160: Hoare triple {21324#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {21323#true} is VALID [2022-02-20 18:06:08,668 INFO L290 TraceCheckUtils]: 161: Hoare triple {21323#true} ~handle := #in~handle;havoc ~retValue_acc~6; {21323#true} is VALID [2022-02-20 18:06:08,668 INFO L290 TraceCheckUtils]: 162: Hoare triple {21323#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {21323#true} is VALID [2022-02-20 18:06:08,668 INFO L290 TraceCheckUtils]: 163: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:08,668 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21323#true} {21324#false} #1661#return; {21324#false} is VALID [2022-02-20 18:06:08,668 INFO L290 TraceCheckUtils]: 165: Hoare triple {21324#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {21324#false} is VALID [2022-02-20 18:06:08,668 INFO L290 TraceCheckUtils]: 166: Hoare triple {21324#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {21324#false} is VALID [2022-02-20 18:06:08,668 INFO L290 TraceCheckUtils]: 167: Hoare triple {21324#false} assume !false; {21324#false} is VALID [2022-02-20 18:06:08,669 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 106 trivial. 0 not checked. [2022-02-20 18:06:08,669 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:08,669 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [939414041] [2022-02-20 18:06:08,669 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [939414041] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:06:08,669 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1160999984] [2022-02-20 18:06:08,669 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:08,670 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:06:08,670 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:08,671 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:06:08,672 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:06:08,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,953 INFO L263 TraceCheckSpWp]: Trace formula consists of 1451 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:06:09,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:09,020 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:09,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {21323#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {21323#true} is VALID [2022-02-20 18:06:09,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {21323#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {21323#true} is VALID [2022-02-20 18:06:09,326 INFO L290 TraceCheckUtils]: 2: Hoare triple {21323#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {21323#true} is VALID [2022-02-20 18:06:09,326 INFO L272 TraceCheckUtils]: 3: Hoare triple {21323#true} call select_features_#t~ret96#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:09,326 INFO L290 TraceCheckUtils]: 4: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:09,326 INFO L290 TraceCheckUtils]: 5: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,326 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21323#true} {21323#true} #1733#return; {21323#true} is VALID [2022-02-20 18:06:09,326 INFO L290 TraceCheckUtils]: 7: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {21323#true} is VALID [2022-02-20 18:06:09,327 INFO L272 TraceCheckUtils]: 8: Hoare triple {21323#true} call select_features_#t~ret97#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:09,327 INFO L290 TraceCheckUtils]: 9: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:09,327 INFO L290 TraceCheckUtils]: 10: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,327 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {21323#true} {21323#true} #1735#return; {21323#true} is VALID [2022-02-20 18:06:09,327 INFO L290 TraceCheckUtils]: 12: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {21323#true} is VALID [2022-02-20 18:06:09,327 INFO L272 TraceCheckUtils]: 13: Hoare triple {21323#true} call select_features_#t~ret98#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:09,328 INFO L290 TraceCheckUtils]: 14: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:09,328 INFO L290 TraceCheckUtils]: 15: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,328 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21323#true} {21323#true} #1737#return; {21323#true} is VALID [2022-02-20 18:06:09,328 INFO L290 TraceCheckUtils]: 17: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {21323#true} is VALID [2022-02-20 18:06:09,328 INFO L272 TraceCheckUtils]: 18: Hoare triple {21323#true} call select_features_#t~ret99#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:09,328 INFO L290 TraceCheckUtils]: 19: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:09,328 INFO L290 TraceCheckUtils]: 20: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,329 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {21323#true} {21323#true} #1739#return; {21323#true} is VALID [2022-02-20 18:06:09,329 INFO L290 TraceCheckUtils]: 22: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {21323#true} is VALID [2022-02-20 18:06:09,329 INFO L272 TraceCheckUtils]: 23: Hoare triple {21323#true} call select_features_#t~ret100#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:09,330 INFO L290 TraceCheckUtils]: 24: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:09,330 INFO L290 TraceCheckUtils]: 25: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,330 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {21323#true} {21323#true} #1741#return; {21323#true} is VALID [2022-02-20 18:06:09,330 INFO L290 TraceCheckUtils]: 27: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {21323#true} is VALID [2022-02-20 18:06:09,330 INFO L272 TraceCheckUtils]: 28: Hoare triple {21323#true} call select_features_#t~ret101#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:09,330 INFO L290 TraceCheckUtils]: 29: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:09,330 INFO L290 TraceCheckUtils]: 30: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,331 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {21323#true} {21323#true} #1743#return; {21323#true} is VALID [2022-02-20 18:06:09,331 INFO L290 TraceCheckUtils]: 32: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {21323#true} is VALID [2022-02-20 18:06:09,331 INFO L272 TraceCheckUtils]: 33: Hoare triple {21323#true} call select_features_#t~ret102#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:09,331 INFO L290 TraceCheckUtils]: 34: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:09,331 INFO L290 TraceCheckUtils]: 35: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,331 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {21323#true} {21323#true} #1745#return; {21323#true} is VALID [2022-02-20 18:06:09,332 INFO L290 TraceCheckUtils]: 37: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {21323#true} is VALID [2022-02-20 18:06:09,332 INFO L272 TraceCheckUtils]: 38: Hoare triple {21323#true} call select_features_#t~ret103#1 := select_one(); {21323#true} is VALID [2022-02-20 18:06:09,332 INFO L290 TraceCheckUtils]: 39: Hoare triple {21323#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {21323#true} is VALID [2022-02-20 18:06:09,332 INFO L290 TraceCheckUtils]: 40: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,332 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {21323#true} {21323#true} #1747#return; {21323#true} is VALID [2022-02-20 18:06:09,332 INFO L290 TraceCheckUtils]: 42: Hoare triple {21323#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {21323#true} is VALID [2022-02-20 18:06:09,332 INFO L290 TraceCheckUtils]: 43: Hoare triple {21323#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {21323#true} is VALID [2022-02-20 18:06:09,333 INFO L290 TraceCheckUtils]: 44: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21323#true} is VALID [2022-02-20 18:06:09,333 INFO L290 TraceCheckUtils]: 45: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {21323#true} is VALID [2022-02-20 18:06:09,333 INFO L290 TraceCheckUtils]: 46: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {21323#true} is VALID [2022-02-20 18:06:09,333 INFO L290 TraceCheckUtils]: 47: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {21323#true} is VALID [2022-02-20 18:06:09,333 INFO L290 TraceCheckUtils]: 48: Hoare triple {21323#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {21323#true} is VALID [2022-02-20 18:06:09,333 INFO L290 TraceCheckUtils]: 49: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {21323#true} is VALID [2022-02-20 18:06:09,333 INFO L290 TraceCheckUtils]: 50: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21323#true} is VALID [2022-02-20 18:06:09,334 INFO L290 TraceCheckUtils]: 51: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {21323#true} is VALID [2022-02-20 18:06:09,334 INFO L290 TraceCheckUtils]: 52: Hoare triple {21323#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {21323#true} is VALID [2022-02-20 18:06:09,334 INFO L290 TraceCheckUtils]: 53: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {21323#true} is VALID [2022-02-20 18:06:09,334 INFO L290 TraceCheckUtils]: 54: Hoare triple {21323#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {21323#true} is VALID [2022-02-20 18:06:09,334 INFO L290 TraceCheckUtils]: 55: Hoare triple {21323#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {21323#true} is VALID [2022-02-20 18:06:09,334 INFO L290 TraceCheckUtils]: 56: Hoare triple {21323#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {21323#true} is VALID [2022-02-20 18:06:09,335 INFO L290 TraceCheckUtils]: 57: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {21323#true} is VALID [2022-02-20 18:06:09,335 INFO L272 TraceCheckUtils]: 58: Hoare triple {21323#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {21323#true} is VALID [2022-02-20 18:06:09,335 INFO L290 TraceCheckUtils]: 59: Hoare triple {21323#true} ~bob___0 := #in~bob___0; {21323#true} is VALID [2022-02-20 18:06:09,335 INFO L272 TraceCheckUtils]: 60: Hoare triple {21323#true} call setClientId(~bob___0, ~bob___0); {21323#true} is VALID [2022-02-20 18:06:09,335 INFO L290 TraceCheckUtils]: 61: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:09,335 INFO L290 TraceCheckUtils]: 62: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:09,335 INFO L290 TraceCheckUtils]: 63: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,336 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21323#true} {21323#true} #1731#return; {21323#true} is VALID [2022-02-20 18:06:09,336 INFO L290 TraceCheckUtils]: 65: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,336 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21323#true} {21323#true} #1749#return; {21323#true} is VALID [2022-02-20 18:06:09,336 INFO L272 TraceCheckUtils]: 67: Hoare triple {21323#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {21323#true} is VALID [2022-02-20 18:06:09,336 INFO L290 TraceCheckUtils]: 68: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:09,336 INFO L290 TraceCheckUtils]: 69: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:09,336 INFO L290 TraceCheckUtils]: 70: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,336 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21323#true} {21323#true} #1751#return; {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L290 TraceCheckUtils]: 72: Hoare triple {21323#true} assume { :end_inline_setup_bob__role__Keys } true; {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L290 TraceCheckUtils]: 73: Hoare triple {21323#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L290 TraceCheckUtils]: 74: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L272 TraceCheckUtils]: 75: Hoare triple {21323#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L290 TraceCheckUtils]: 76: Hoare triple {21323#true} ~rjh___0 := #in~rjh___0; {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L272 TraceCheckUtils]: 77: Hoare triple {21323#true} call setClientId(~rjh___0, ~rjh___0); {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L290 TraceCheckUtils]: 78: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L290 TraceCheckUtils]: 79: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:09,337 INFO L290 TraceCheckUtils]: 80: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,338 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21323#true} {21323#true} #1683#return; {21323#true} is VALID [2022-02-20 18:06:09,338 INFO L290 TraceCheckUtils]: 82: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,338 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {21323#true} {21323#true} #1755#return; {21323#true} is VALID [2022-02-20 18:06:09,338 INFO L272 TraceCheckUtils]: 84: Hoare triple {21323#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {21323#true} is VALID [2022-02-20 18:06:09,338 INFO L290 TraceCheckUtils]: 85: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:09,338 INFO L290 TraceCheckUtils]: 86: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:09,338 INFO L290 TraceCheckUtils]: 87: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,338 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {21323#true} {21323#true} #1757#return; {21323#true} is VALID [2022-02-20 18:06:09,339 INFO L290 TraceCheckUtils]: 89: Hoare triple {21323#true} assume { :end_inline_setup_rjh__role__Keys } true; {21323#true} is VALID [2022-02-20 18:06:09,339 INFO L290 TraceCheckUtils]: 90: Hoare triple {21323#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {21323#true} is VALID [2022-02-20 18:06:09,339 INFO L290 TraceCheckUtils]: 91: Hoare triple {21323#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {21323#true} is VALID [2022-02-20 18:06:09,339 INFO L272 TraceCheckUtils]: 92: Hoare triple {21323#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {21323#true} is VALID [2022-02-20 18:06:09,339 INFO L290 TraceCheckUtils]: 93: Hoare triple {21323#true} ~chuck___0 := #in~chuck___0; {21323#true} is VALID [2022-02-20 18:06:09,339 INFO L272 TraceCheckUtils]: 94: Hoare triple {21323#true} call setClientId(~chuck___0, ~chuck___0); {21323#true} is VALID [2022-02-20 18:06:09,339 INFO L290 TraceCheckUtils]: 95: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:09,339 INFO L290 TraceCheckUtils]: 96: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:09,340 INFO L290 TraceCheckUtils]: 97: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,340 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {21323#true} {21323#true} #1625#return; {21323#true} is VALID [2022-02-20 18:06:09,340 INFO L290 TraceCheckUtils]: 99: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,340 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21323#true} {21323#true} #1761#return; {21323#true} is VALID [2022-02-20 18:06:09,340 INFO L272 TraceCheckUtils]: 101: Hoare triple {21323#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {21323#true} is VALID [2022-02-20 18:06:09,340 INFO L290 TraceCheckUtils]: 102: Hoare triple {21323#true} ~handle := #in~handle;~value := #in~value; {21323#true} is VALID [2022-02-20 18:06:09,340 INFO L290 TraceCheckUtils]: 103: Hoare triple {21323#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21323#true} is VALID [2022-02-20 18:06:09,340 INFO L290 TraceCheckUtils]: 104: Hoare triple {21323#true} assume true; {21323#true} is VALID [2022-02-20 18:06:09,341 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21323#true} {21323#true} #1763#return; {21323#true} is VALID [2022-02-20 18:06:09,341 INFO L290 TraceCheckUtils]: 106: Hoare triple {21323#true} assume { :end_inline_setup_chuck__role__Keys } true; {21323#true} is VALID [2022-02-20 18:06:09,341 INFO L290 TraceCheckUtils]: 107: Hoare triple {21323#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {21323#true} is VALID [2022-02-20 18:06:09,341 INFO L290 TraceCheckUtils]: 108: Hoare triple {21323#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21759#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:09,342 INFO L290 TraceCheckUtils]: 109: Hoare triple {21759#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {21759#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:09,342 INFO L290 TraceCheckUtils]: 110: Hoare triple {21759#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {21324#false} is VALID [2022-02-20 18:06:09,342 INFO L290 TraceCheckUtils]: 111: Hoare triple {21324#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {21324#false} is VALID [2022-02-20 18:06:09,342 INFO L272 TraceCheckUtils]: 112: Hoare triple {21324#false} call sendEmail(~bob~0, ~rjh~0); {21324#false} is VALID [2022-02-20 18:06:09,342 INFO L290 TraceCheckUtils]: 113: Hoare triple {21324#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21324#false} is VALID [2022-02-20 18:06:09,342 INFO L272 TraceCheckUtils]: 114: Hoare triple {21324#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L290 TraceCheckUtils]: 115: Hoare triple {21324#false} ~handle := #in~handle;~value := #in~value; {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L290 TraceCheckUtils]: 116: Hoare triple {21324#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L290 TraceCheckUtils]: 117: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {21324#false} {21324#false} #1647#return; {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L272 TraceCheckUtils]: 119: Hoare triple {21324#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L290 TraceCheckUtils]: 120: Hoare triple {21324#false} ~handle := #in~handle;~value := #in~value; {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L290 TraceCheckUtils]: 121: Hoare triple {21324#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L290 TraceCheckUtils]: 122: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:06:09,343 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {21324#false} {21324#false} #1649#return; {21324#false} is VALID [2022-02-20 18:06:09,344 INFO L290 TraceCheckUtils]: 124: Hoare triple {21324#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {21324#false} is VALID [2022-02-20 18:06:09,344 INFO L290 TraceCheckUtils]: 125: Hoare triple {21324#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {21324#false} is VALID [2022-02-20 18:06:09,344 INFO L272 TraceCheckUtils]: 126: Hoare triple {21324#false} call outgoing(~sender#1, ~email~0#1); {21324#false} is VALID [2022-02-20 18:06:09,344 INFO L290 TraceCheckUtils]: 127: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:06:09,344 INFO L290 TraceCheckUtils]: 128: Hoare triple {21324#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {21324#false} is VALID [2022-02-20 18:06:09,344 INFO L272 TraceCheckUtils]: 129: Hoare triple {21324#false} call outgoing__before__Sign(~client#1, ~msg#1); {21324#false} is VALID [2022-02-20 18:06:09,344 INFO L290 TraceCheckUtils]: 130: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:06:09,344 INFO L290 TraceCheckUtils]: 131: Hoare triple {21324#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L272 TraceCheckUtils]: 132: Hoare triple {21324#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L290 TraceCheckUtils]: 133: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L290 TraceCheckUtils]: 134: Hoare triple {21324#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L272 TraceCheckUtils]: 135: Hoare triple {21324#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L290 TraceCheckUtils]: 136: Hoare triple {21324#false} ~handle := #in~handle;havoc ~retValue_acc~3; {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L290 TraceCheckUtils]: 137: Hoare triple {21324#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L290 TraceCheckUtils]: 138: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {21324#false} {21324#false} #1613#return; {21324#false} is VALID [2022-02-20 18:06:09,345 INFO L290 TraceCheckUtils]: 140: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {21324#false} is VALID [2022-02-20 18:06:09,346 INFO L272 TraceCheckUtils]: 141: Hoare triple {21324#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {21324#false} is VALID [2022-02-20 18:06:09,346 INFO L290 TraceCheckUtils]: 142: Hoare triple {21324#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {21324#false} is VALID [2022-02-20 18:06:09,346 INFO L290 TraceCheckUtils]: 143: Hoare triple {21324#false} assume 1 == ~handle; {21324#false} is VALID [2022-02-20 18:06:09,346 INFO L290 TraceCheckUtils]: 144: Hoare triple {21324#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {21324#false} is VALID [2022-02-20 18:06:09,346 INFO L290 TraceCheckUtils]: 145: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:06:09,346 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {21324#false} {21324#false} #1615#return; {21324#false} is VALID [2022-02-20 18:06:09,346 INFO L290 TraceCheckUtils]: 147: Hoare triple {21324#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {21324#false} is VALID [2022-02-20 18:06:09,346 INFO L290 TraceCheckUtils]: 148: Hoare triple {21324#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {21324#false} is VALID [2022-02-20 18:06:09,347 INFO L272 TraceCheckUtils]: 149: Hoare triple {21324#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {21324#false} is VALID [2022-02-20 18:06:09,347 INFO L290 TraceCheckUtils]: 150: Hoare triple {21324#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {21324#false} is VALID [2022-02-20 18:06:09,347 INFO L290 TraceCheckUtils]: 151: Hoare triple {21324#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {21324#false} is VALID [2022-02-20 18:06:09,347 INFO L290 TraceCheckUtils]: 152: Hoare triple {21324#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {21324#false} is VALID [2022-02-20 18:06:09,347 INFO L272 TraceCheckUtils]: 153: Hoare triple {21324#false} call setEmailFrom(~msg#1, ~tmp~2#1); {21324#false} is VALID [2022-02-20 18:06:09,347 INFO L290 TraceCheckUtils]: 154: Hoare triple {21324#false} ~handle := #in~handle;~value := #in~value; {21324#false} is VALID [2022-02-20 18:06:09,347 INFO L290 TraceCheckUtils]: 155: Hoare triple {21324#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21324#false} is VALID [2022-02-20 18:06:09,347 INFO L290 TraceCheckUtils]: 156: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21324#false} {21324#false} #1659#return; {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L290 TraceCheckUtils]: 158: Hoare triple {21324#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L290 TraceCheckUtils]: 159: Hoare triple {21324#false} assume 0 != ~in_encrypted~0; {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L272 TraceCheckUtils]: 160: Hoare triple {21324#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L290 TraceCheckUtils]: 161: Hoare triple {21324#false} ~handle := #in~handle;havoc ~retValue_acc~6; {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L290 TraceCheckUtils]: 162: Hoare triple {21324#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L290 TraceCheckUtils]: 163: Hoare triple {21324#false} assume true; {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21324#false} {21324#false} #1661#return; {21324#false} is VALID [2022-02-20 18:06:09,348 INFO L290 TraceCheckUtils]: 165: Hoare triple {21324#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {21324#false} is VALID [2022-02-20 18:06:09,349 INFO L290 TraceCheckUtils]: 166: Hoare triple {21324#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {21324#false} is VALID [2022-02-20 18:06:09,349 INFO L290 TraceCheckUtils]: 167: Hoare triple {21324#false} assume !false; {21324#false} is VALID [2022-02-20 18:06:09,349 INFO L134 CoverageAnalysis]: Checked inductivity of 112 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:06:09,349 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:09,349 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1160999984] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:09,350 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:06:09,350 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:06:09,350 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1726386782] [2022-02-20 18:06:09,350 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:09,351 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 168 [2022-02-20 18:06:09,351 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:09,351 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:06:09,464 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 139 edges. 139 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:09,464 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:09,464 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:09,465 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:09,465 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:06:09,466 INFO L87 Difference]: Start difference. First operand 592 states and 850 transitions. Second operand has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:06:10,094 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:10,094 INFO L93 Difference]: Finished difference Result 919 states and 1301 transitions. [2022-02-20 18:06:10,095 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:10,095 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) Word has length 168 [2022-02-20 18:06:10,095 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:10,095 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:06:10,106 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1299 transitions. [2022-02-20 18:06:10,106 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:06:10,116 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1299 transitions. [2022-02-20 18:06:10,116 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1299 transitions. [2022-02-20 18:06:10,929 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1299 edges. 1299 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:10,948 INFO L225 Difference]: With dead ends: 919 [2022-02-20 18:06:10,948 INFO L226 Difference]: Without dead ends: 595 [2022-02-20 18:06:10,950 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 219 GetRequests, 208 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:06:10,950 INFO L933 BasicCegarLoop]: 846 mSDtfsCounter, 1 mSDsluCounter, 844 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1690 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:10,950 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1690 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:10,951 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 595 states. [2022-02-20 18:06:10,971 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 595 to 594. [2022-02-20 18:06:10,971 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:10,972 INFO L82 GeneralOperation]: Start isEquivalent. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:06:10,973 INFO L74 IsIncluded]: Start isIncluded. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:06:10,974 INFO L87 Difference]: Start difference. First operand 595 states. Second operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:06:10,989 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:10,990 INFO L93 Difference]: Finished difference Result 595 states and 853 transitions. [2022-02-20 18:06:10,990 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 853 transitions. [2022-02-20 18:06:10,991 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:10,991 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:10,992 INFO L74 IsIncluded]: Start isIncluded. First operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 595 states. [2022-02-20 18:06:10,993 INFO L87 Difference]: Start difference. First operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) Second operand 595 states. [2022-02-20 18:06:11,009 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:11,009 INFO L93 Difference]: Finished difference Result 595 states and 853 transitions. [2022-02-20 18:06:11,009 INFO L276 IsEmpty]: Start isEmpty. Operand 595 states and 853 transitions. [2022-02-20 18:06:11,010 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:11,011 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:11,011 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:11,011 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:11,012 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 594 states, 446 states have (on average 1.4506726457399104) internal successors, (647), 457 states have internal predecessors, (647), 103 states have call successors, (103), 44 states have call predecessors, (103), 44 states have return successors, (102), 101 states have call predecessors, (102), 102 states have call successors, (102) [2022-02-20 18:06:11,032 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 594 states to 594 states and 852 transitions. [2022-02-20 18:06:11,032 INFO L78 Accepts]: Start accepts. Automaton has 594 states and 852 transitions. Word has length 168 [2022-02-20 18:06:11,033 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:11,033 INFO L470 AbstractCegarLoop]: Abstraction has 594 states and 852 transitions. [2022-02-20 18:06:11,033 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 29.333333333333332) internal successors, (88), 3 states have internal predecessors, (88), 2 states have call successors, (28), 2 states have call predecessors, (28), 2 states have return successors, (23), 2 states have call predecessors, (23), 2 states have call successors, (23) [2022-02-20 18:06:11,033 INFO L276 IsEmpty]: Start isEmpty. Operand 594 states and 852 transitions. [2022-02-20 18:06:11,035 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 184 [2022-02-20 18:06:11,035 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:11,035 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:11,058 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:11,255 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2022-02-20 18:06:11,255 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:11,256 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:11,256 INFO L85 PathProgramCache]: Analyzing trace with hash -1535662965, now seen corresponding path program 1 times [2022-02-20 18:06:11,256 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:11,256 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1447549620] [2022-02-20 18:06:11,256 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:11,256 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:11,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:06:11,344 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,349 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,350 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25219#true} {25219#true} #1733#return; {25219#true} is VALID [2022-02-20 18:06:11,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:06:11,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,369 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,369 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,374 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25219#true} {25219#true} #1735#return; {25219#true} is VALID [2022-02-20 18:06:11,375 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:11,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,379 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25219#true} {25219#true} #1737#return; {25219#true} is VALID [2022-02-20 18:06:11,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:06:11,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,385 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25219#true} {25219#true} #1739#return; {25219#true} is VALID [2022-02-20 18:06:11,385 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:06:11,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,390 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25219#true} {25219#true} #1741#return; {25219#true} is VALID [2022-02-20 18:06:11,390 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:06:11,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,394 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,394 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25219#true} {25219#true} #1743#return; {25219#true} is VALID [2022-02-20 18:06:11,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:06:11,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,398 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,398 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25219#true} {25219#true} #1745#return; {25219#true} is VALID [2022-02-20 18:06:11,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:06:11,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,403 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,403 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,403 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {25219#true} {25219#true} #1747#return; {25219#true} is VALID [2022-02-20 18:06:11,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:06:11,411 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:11,413 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,415 INFO L290 TraceCheckUtils]: 0: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,416 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,416 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,416 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25219#true} #1731#return; {25219#true} is VALID [2022-02-20 18:06:11,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25219#true} is VALID [2022-02-20 18:06:11,417 INFO L272 TraceCheckUtils]: 1: Hoare triple {25219#true} call setClientId(~bob___0, ~bob___0); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,417 INFO L290 TraceCheckUtils]: 3: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,417 INFO L290 TraceCheckUtils]: 4: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,417 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25219#true} {25219#true} #1731#return; {25219#true} is VALID [2022-02-20 18:06:11,417 INFO L290 TraceCheckUtils]: 6: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,417 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25219#true} {25219#true} #1749#return; {25219#true} is VALID [2022-02-20 18:06:11,424 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:06:11,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,429 INFO L290 TraceCheckUtils]: 0: Hoare triple {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,429 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,429 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,430 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25219#true} #1751#return; {25219#true} is VALID [2022-02-20 18:06:11,430 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:06:11,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:11,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25324#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {25324#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25325#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:11,463 INFO L290 TraceCheckUtils]: 2: Hoare triple {25325#(= |setClientId_#in~handle| 1)} assume true; {25325#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:11,464 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25325#(= |setClientId_#in~handle| 1)} {25318#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:11,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25318#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:11,465 INFO L272 TraceCheckUtils]: 1: Hoare triple {25318#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,465 INFO L290 TraceCheckUtils]: 2: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25324#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,466 INFO L290 TraceCheckUtils]: 3: Hoare triple {25324#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25325#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:11,466 INFO L290 TraceCheckUtils]: 4: Hoare triple {25325#(= |setClientId_#in~handle| 1)} assume true; {25325#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:11,467 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25325#(= |setClientId_#in~handle| 1)} {25318#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:11,467 INFO L290 TraceCheckUtils]: 6: Hoare triple {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:11,467 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25258#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {25220#false} is VALID [2022-02-20 18:06:11,468 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:06:11,469 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,471 INFO L290 TraceCheckUtils]: 0: Hoare triple {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,471 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,471 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,471 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25220#false} #1757#return; {25220#false} is VALID [2022-02-20 18:06:11,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:06:11,473 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:11,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,478 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,478 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,478 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25219#true} #1625#return; {25219#true} is VALID [2022-02-20 18:06:11,478 INFO L290 TraceCheckUtils]: 0: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25219#true} is VALID [2022-02-20 18:06:11,479 INFO L272 TraceCheckUtils]: 1: Hoare triple {25219#true} call setClientId(~chuck___0, ~chuck___0); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,479 INFO L290 TraceCheckUtils]: 2: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,479 INFO L290 TraceCheckUtils]: 3: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,479 INFO L290 TraceCheckUtils]: 4: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,479 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25219#true} {25219#true} #1625#return; {25219#true} is VALID [2022-02-20 18:06:11,479 INFO L290 TraceCheckUtils]: 6: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,479 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {25219#true} {25220#false} #1761#return; {25220#false} is VALID [2022-02-20 18:06:11,480 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:06:11,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,483 INFO L290 TraceCheckUtils]: 0: Hoare triple {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,483 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,483 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,483 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25220#false} #1763#return; {25220#false} is VALID [2022-02-20 18:06:11,491 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:06:11,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,494 INFO L290 TraceCheckUtils]: 0: Hoare triple {25330#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,494 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,495 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25220#false} #1647#return; {25220#false} is VALID [2022-02-20 18:06:11,503 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:06:11,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,507 INFO L290 TraceCheckUtils]: 0: Hoare triple {25331#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,508 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25220#false} #1649#return; {25220#false} is VALID [2022-02-20 18:06:11,508 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 140 [2022-02-20 18:06:11,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,510 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} ~handle := #in~handle;havoc ~retValue_acc~31; {25219#true} is VALID [2022-02-20 18:06:11,510 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~31; {25219#true} is VALID [2022-02-20 18:06:11,510 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,510 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25220#false} #1627#return; {25220#false} is VALID [2022-02-20 18:06:11,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 18:06:11,511 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,512 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} ~handle := #in~handle;havoc ~retValue_acc~3; {25219#true} is VALID [2022-02-20 18:06:11,513 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {25219#true} is VALID [2022-02-20 18:06:11,513 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,513 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25220#false} #1613#return; {25220#false} is VALID [2022-02-20 18:06:11,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 18:06:11,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {25219#true} is VALID [2022-02-20 18:06:11,515 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle; {25219#true} is VALID [2022-02-20 18:06:11,515 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {25219#true} is VALID [2022-02-20 18:06:11,515 INFO L290 TraceCheckUtils]: 3: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,515 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25219#true} {25220#false} #1615#return; {25220#false} is VALID [2022-02-20 18:06:11,516 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 168 [2022-02-20 18:06:11,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {25330#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,518 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25220#false} #1659#return; {25220#false} is VALID [2022-02-20 18:06:11,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 175 [2022-02-20 18:06:11,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,521 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} ~handle := #in~handle;havoc ~retValue_acc~6; {25219#true} is VALID [2022-02-20 18:06:11,521 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {25219#true} is VALID [2022-02-20 18:06:11,521 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,521 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25219#true} {25220#false} #1661#return; {25220#false} is VALID [2022-02-20 18:06:11,521 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {25219#true} is VALID [2022-02-20 18:06:11,521 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25219#true} is VALID [2022-02-20 18:06:11,522 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {25219#true} is VALID [2022-02-20 18:06:11,522 INFO L272 TraceCheckUtils]: 3: Hoare triple {25219#true} call select_features_#t~ret96#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:11,522 INFO L290 TraceCheckUtils]: 4: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,522 INFO L290 TraceCheckUtils]: 5: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,522 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25219#true} {25219#true} #1733#return; {25219#true} is VALID [2022-02-20 18:06:11,522 INFO L290 TraceCheckUtils]: 7: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {25219#true} is VALID [2022-02-20 18:06:11,522 INFO L272 TraceCheckUtils]: 8: Hoare triple {25219#true} call select_features_#t~ret97#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:11,523 INFO L290 TraceCheckUtils]: 9: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,523 INFO L290 TraceCheckUtils]: 10: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,523 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25219#true} {25219#true} #1735#return; {25219#true} is VALID [2022-02-20 18:06:11,523 INFO L290 TraceCheckUtils]: 12: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {25219#true} is VALID [2022-02-20 18:06:11,523 INFO L272 TraceCheckUtils]: 13: Hoare triple {25219#true} call select_features_#t~ret98#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:11,523 INFO L290 TraceCheckUtils]: 14: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,523 INFO L290 TraceCheckUtils]: 15: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,524 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25219#true} {25219#true} #1737#return; {25219#true} is VALID [2022-02-20 18:06:11,524 INFO L290 TraceCheckUtils]: 17: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {25219#true} is VALID [2022-02-20 18:06:11,524 INFO L272 TraceCheckUtils]: 18: Hoare triple {25219#true} call select_features_#t~ret99#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:11,524 INFO L290 TraceCheckUtils]: 19: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,524 INFO L290 TraceCheckUtils]: 20: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,524 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25219#true} {25219#true} #1739#return; {25219#true} is VALID [2022-02-20 18:06:11,524 INFO L290 TraceCheckUtils]: 22: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {25219#true} is VALID [2022-02-20 18:06:11,524 INFO L272 TraceCheckUtils]: 23: Hoare triple {25219#true} call select_features_#t~ret100#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:11,525 INFO L290 TraceCheckUtils]: 24: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,525 INFO L290 TraceCheckUtils]: 25: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,525 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25219#true} {25219#true} #1741#return; {25219#true} is VALID [2022-02-20 18:06:11,525 INFO L290 TraceCheckUtils]: 27: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {25219#true} is VALID [2022-02-20 18:06:11,525 INFO L272 TraceCheckUtils]: 28: Hoare triple {25219#true} call select_features_#t~ret101#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:11,525 INFO L290 TraceCheckUtils]: 29: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,525 INFO L290 TraceCheckUtils]: 30: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,526 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25219#true} {25219#true} #1743#return; {25219#true} is VALID [2022-02-20 18:06:11,526 INFO L290 TraceCheckUtils]: 32: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {25219#true} is VALID [2022-02-20 18:06:11,526 INFO L272 TraceCheckUtils]: 33: Hoare triple {25219#true} call select_features_#t~ret102#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:11,526 INFO L290 TraceCheckUtils]: 34: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,526 INFO L290 TraceCheckUtils]: 35: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,526 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25219#true} {25219#true} #1745#return; {25219#true} is VALID [2022-02-20 18:06:11,526 INFO L290 TraceCheckUtils]: 37: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {25219#true} is VALID [2022-02-20 18:06:11,526 INFO L272 TraceCheckUtils]: 38: Hoare triple {25219#true} call select_features_#t~ret103#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:11,527 INFO L290 TraceCheckUtils]: 39: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:11,527 INFO L290 TraceCheckUtils]: 40: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,527 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25219#true} {25219#true} #1747#return; {25219#true} is VALID [2022-02-20 18:06:11,527 INFO L290 TraceCheckUtils]: 42: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {25219#true} is VALID [2022-02-20 18:06:11,527 INFO L290 TraceCheckUtils]: 43: Hoare triple {25219#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {25219#true} is VALID [2022-02-20 18:06:11,527 INFO L290 TraceCheckUtils]: 44: Hoare triple {25219#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25219#true} is VALID [2022-02-20 18:06:11,527 INFO L290 TraceCheckUtils]: 45: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {25219#true} is VALID [2022-02-20 18:06:11,528 INFO L290 TraceCheckUtils]: 46: Hoare triple {25219#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {25219#true} is VALID [2022-02-20 18:06:11,528 INFO L290 TraceCheckUtils]: 47: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {25219#true} is VALID [2022-02-20 18:06:11,528 INFO L290 TraceCheckUtils]: 48: Hoare triple {25219#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25219#true} is VALID [2022-02-20 18:06:11,528 INFO L290 TraceCheckUtils]: 49: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25219#true} is VALID [2022-02-20 18:06:11,528 INFO L290 TraceCheckUtils]: 50: Hoare triple {25219#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25219#true} is VALID [2022-02-20 18:06:11,528 INFO L290 TraceCheckUtils]: 51: Hoare triple {25219#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25219#true} is VALID [2022-02-20 18:06:11,528 INFO L290 TraceCheckUtils]: 52: Hoare triple {25219#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25219#true} is VALID [2022-02-20 18:06:11,528 INFO L290 TraceCheckUtils]: 53: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {25219#true} is VALID [2022-02-20 18:06:11,529 INFO L290 TraceCheckUtils]: 54: Hoare triple {25219#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {25219#true} is VALID [2022-02-20 18:06:11,529 INFO L290 TraceCheckUtils]: 55: Hoare triple {25219#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {25219#true} is VALID [2022-02-20 18:06:11,529 INFO L290 TraceCheckUtils]: 56: Hoare triple {25219#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25219#true} is VALID [2022-02-20 18:06:11,529 INFO L290 TraceCheckUtils]: 57: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25219#true} is VALID [2022-02-20 18:06:11,530 INFO L272 TraceCheckUtils]: 58: Hoare triple {25219#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,530 INFO L290 TraceCheckUtils]: 59: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {25219#true} is VALID [2022-02-20 18:06:11,531 INFO L272 TraceCheckUtils]: 60: Hoare triple {25219#true} call setClientId(~bob___0, ~bob___0); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,531 INFO L290 TraceCheckUtils]: 61: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,532 INFO L290 TraceCheckUtils]: 62: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,532 INFO L290 TraceCheckUtils]: 63: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,532 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25219#true} {25219#true} #1731#return; {25219#true} is VALID [2022-02-20 18:06:11,532 INFO L290 TraceCheckUtils]: 65: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,532 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25219#true} {25219#true} #1749#return; {25219#true} is VALID [2022-02-20 18:06:11,533 INFO L272 TraceCheckUtils]: 67: Hoare triple {25219#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:11,533 INFO L290 TraceCheckUtils]: 68: Hoare triple {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,533 INFO L290 TraceCheckUtils]: 69: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,533 INFO L290 TraceCheckUtils]: 70: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,533 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25219#true} {25219#true} #1751#return; {25219#true} is VALID [2022-02-20 18:06:11,534 INFO L290 TraceCheckUtils]: 72: Hoare triple {25219#true} assume { :end_inline_setup_bob__role__Keys } true; {25219#true} is VALID [2022-02-20 18:06:11,534 INFO L290 TraceCheckUtils]: 73: Hoare triple {25219#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25257#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:06:11,534 INFO L290 TraceCheckUtils]: 74: Hoare triple {25257#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25258#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:06:11,535 INFO L272 TraceCheckUtils]: 75: Hoare triple {25258#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,535 INFO L290 TraceCheckUtils]: 76: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {25318#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:11,536 INFO L272 TraceCheckUtils]: 77: Hoare triple {25318#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,536 INFO L290 TraceCheckUtils]: 78: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25324#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:11,537 INFO L290 TraceCheckUtils]: 79: Hoare triple {25324#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25325#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:11,537 INFO L290 TraceCheckUtils]: 80: Hoare triple {25325#(= |setClientId_#in~handle| 1)} assume true; {25325#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:11,538 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25325#(= |setClientId_#in~handle| 1)} {25318#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:11,538 INFO L290 TraceCheckUtils]: 82: Hoare triple {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:11,538 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25323#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {25258#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {25220#false} is VALID [2022-02-20 18:06:11,539 INFO L272 TraceCheckUtils]: 84: Hoare triple {25220#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:11,539 INFO L290 TraceCheckUtils]: 85: Hoare triple {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,539 INFO L290 TraceCheckUtils]: 86: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,539 INFO L290 TraceCheckUtils]: 87: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,539 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25219#true} {25220#false} #1757#return; {25220#false} is VALID [2022-02-20 18:06:11,539 INFO L290 TraceCheckUtils]: 89: Hoare triple {25220#false} assume { :end_inline_setup_rjh__role__Keys } true; {25220#false} is VALID [2022-02-20 18:06:11,539 INFO L290 TraceCheckUtils]: 90: Hoare triple {25220#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25220#false} is VALID [2022-02-20 18:06:11,539 INFO L290 TraceCheckUtils]: 91: Hoare triple {25220#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25220#false} is VALID [2022-02-20 18:06:11,539 INFO L272 TraceCheckUtils]: 92: Hoare triple {25220#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,540 INFO L290 TraceCheckUtils]: 93: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {25219#true} is VALID [2022-02-20 18:06:11,540 INFO L272 TraceCheckUtils]: 94: Hoare triple {25219#true} call setClientId(~chuck___0, ~chuck___0); {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:11,540 INFO L290 TraceCheckUtils]: 95: Hoare triple {25312#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,540 INFO L290 TraceCheckUtils]: 96: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,541 INFO L290 TraceCheckUtils]: 97: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,541 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25219#true} {25219#true} #1625#return; {25219#true} is VALID [2022-02-20 18:06:11,541 INFO L290 TraceCheckUtils]: 99: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,541 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25219#true} {25220#false} #1761#return; {25220#false} is VALID [2022-02-20 18:06:11,541 INFO L272 TraceCheckUtils]: 101: Hoare triple {25220#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:11,541 INFO L290 TraceCheckUtils]: 102: Hoare triple {25317#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,541 INFO L290 TraceCheckUtils]: 103: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,541 INFO L290 TraceCheckUtils]: 104: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,541 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25219#true} {25220#false} #1763#return; {25220#false} is VALID [2022-02-20 18:06:11,541 INFO L290 TraceCheckUtils]: 106: Hoare triple {25220#false} assume { :end_inline_setup_chuck__role__Keys } true; {25220#false} is VALID [2022-02-20 18:06:11,542 INFO L290 TraceCheckUtils]: 107: Hoare triple {25220#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {25220#false} is VALID [2022-02-20 18:06:11,542 INFO L290 TraceCheckUtils]: 108: Hoare triple {25220#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25220#false} is VALID [2022-02-20 18:06:11,542 INFO L290 TraceCheckUtils]: 109: Hoare triple {25220#false} assume !false; {25220#false} is VALID [2022-02-20 18:06:11,542 INFO L290 TraceCheckUtils]: 110: Hoare triple {25220#false} assume test_~splverifierCounter~0#1 < 4; {25220#false} is VALID [2022-02-20 18:06:11,542 INFO L290 TraceCheckUtils]: 111: Hoare triple {25220#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25220#false} is VALID [2022-02-20 18:06:11,542 INFO L290 TraceCheckUtils]: 112: Hoare triple {25220#false} assume !(0 == test_~op1~0#1); {25220#false} is VALID [2022-02-20 18:06:11,542 INFO L290 TraceCheckUtils]: 113: Hoare triple {25220#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {25220#false} is VALID [2022-02-20 18:06:11,542 INFO L290 TraceCheckUtils]: 114: Hoare triple {25220#false} assume 0 != test_~tmp___8~0#1; {25220#false} is VALID [2022-02-20 18:06:11,543 INFO L290 TraceCheckUtils]: 115: Hoare triple {25220#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25220#false} is VALID [2022-02-20 18:06:11,543 INFO L290 TraceCheckUtils]: 116: Hoare triple {25220#false} test_~op2~0#1 := 1; {25220#false} is VALID [2022-02-20 18:06:11,543 INFO L290 TraceCheckUtils]: 117: Hoare triple {25220#false} assume !false; {25220#false} is VALID [2022-02-20 18:06:11,543 INFO L290 TraceCheckUtils]: 118: Hoare triple {25220#false} assume !(test_~splverifierCounter~0#1 < 4); {25220#false} is VALID [2022-02-20 18:06:11,543 INFO L290 TraceCheckUtils]: 119: Hoare triple {25220#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {25220#false} is VALID [2022-02-20 18:06:11,543 INFO L272 TraceCheckUtils]: 120: Hoare triple {25220#false} call sendEmail(~bob~0, ~rjh~0); {25220#false} is VALID [2022-02-20 18:06:11,543 INFO L290 TraceCheckUtils]: 121: Hoare triple {25220#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25220#false} is VALID [2022-02-20 18:06:11,543 INFO L272 TraceCheckUtils]: 122: Hoare triple {25220#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25330#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:11,543 INFO L290 TraceCheckUtils]: 123: Hoare triple {25330#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,544 INFO L290 TraceCheckUtils]: 124: Hoare triple {25219#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,544 INFO L290 TraceCheckUtils]: 125: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,544 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25219#true} {25220#false} #1647#return; {25220#false} is VALID [2022-02-20 18:06:11,544 INFO L272 TraceCheckUtils]: 127: Hoare triple {25220#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25331#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:06:11,544 INFO L290 TraceCheckUtils]: 128: Hoare triple {25331#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,544 INFO L290 TraceCheckUtils]: 129: Hoare triple {25219#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,544 INFO L290 TraceCheckUtils]: 130: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,544 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25219#true} {25220#false} #1649#return; {25220#false} is VALID [2022-02-20 18:06:11,544 INFO L290 TraceCheckUtils]: 132: Hoare triple {25220#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {25220#false} is VALID [2022-02-20 18:06:11,545 INFO L290 TraceCheckUtils]: 133: Hoare triple {25220#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {25220#false} is VALID [2022-02-20 18:06:11,545 INFO L272 TraceCheckUtils]: 134: Hoare triple {25220#false} call outgoing(~sender#1, ~email~0#1); {25220#false} is VALID [2022-02-20 18:06:11,545 INFO L290 TraceCheckUtils]: 135: Hoare triple {25220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25220#false} is VALID [2022-02-20 18:06:11,545 INFO L290 TraceCheckUtils]: 136: Hoare triple {25220#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25220#false} is VALID [2022-02-20 18:06:11,545 INFO L272 TraceCheckUtils]: 137: Hoare triple {25220#false} call outgoing__before__Sign(~client#1, ~msg#1); {25220#false} is VALID [2022-02-20 18:06:11,545 INFO L290 TraceCheckUtils]: 138: Hoare triple {25220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25220#false} is VALID [2022-02-20 18:06:11,545 INFO L290 TraceCheckUtils]: 139: Hoare triple {25220#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret20#1, outgoing__role__AddressBook_#t~ret21#1, outgoing__role__AddressBook_#t~ret22#1, outgoing__role__AddressBook_#t~ret23#1, outgoing__role__AddressBook_#t~ret24#1, outgoing__role__AddressBook_#t~ret25#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~0#1, outgoing__role__AddressBook_~tmp~4#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~2#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~1#1, outgoing__role__AddressBook_~tmp___2~1#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~0#1;havoc outgoing__role__AddressBook_~tmp~4#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~2#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~1#1;havoc outgoing__role__AddressBook_~tmp___2~1#1; {25220#false} is VALID [2022-02-20 18:06:11,545 INFO L272 TraceCheckUtils]: 140: Hoare triple {25220#false} call outgoing__role__AddressBook_#t~ret20#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {25219#true} is VALID [2022-02-20 18:06:11,546 INFO L290 TraceCheckUtils]: 141: Hoare triple {25219#true} ~handle := #in~handle;havoc ~retValue_acc~31; {25219#true} is VALID [2022-02-20 18:06:11,546 INFO L290 TraceCheckUtils]: 142: Hoare triple {25219#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~31; {25219#true} is VALID [2022-02-20 18:06:11,546 INFO L290 TraceCheckUtils]: 143: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,546 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {25219#true} {25220#false} #1627#return; {25220#false} is VALID [2022-02-20 18:06:11,546 INFO L290 TraceCheckUtils]: 145: Hoare triple {25220#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret20#1 && outgoing__role__AddressBook_#t~ret20#1 <= 2147483647;outgoing__role__AddressBook_~tmp~4#1 := outgoing__role__AddressBook_#t~ret20#1;havoc outgoing__role__AddressBook_#t~ret20#1;outgoing__role__AddressBook_~size~0#1 := outgoing__role__AddressBook_~tmp~4#1; {25220#false} is VALID [2022-02-20 18:06:11,546 INFO L290 TraceCheckUtils]: 146: Hoare triple {25220#false} assume !(0 != outgoing__role__AddressBook_~size~0#1); {25220#false} is VALID [2022-02-20 18:06:11,546 INFO L272 TraceCheckUtils]: 147: Hoare triple {25220#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {25220#false} is VALID [2022-02-20 18:06:11,546 INFO L290 TraceCheckUtils]: 148: Hoare triple {25220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25220#false} is VALID [2022-02-20 18:06:11,546 INFO L290 TraceCheckUtils]: 149: Hoare triple {25220#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {25220#false} is VALID [2022-02-20 18:06:11,547 INFO L272 TraceCheckUtils]: 150: Hoare triple {25220#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {25219#true} is VALID [2022-02-20 18:06:11,547 INFO L290 TraceCheckUtils]: 151: Hoare triple {25219#true} ~handle := #in~handle;havoc ~retValue_acc~3; {25219#true} is VALID [2022-02-20 18:06:11,547 INFO L290 TraceCheckUtils]: 152: Hoare triple {25219#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {25219#true} is VALID [2022-02-20 18:06:11,547 INFO L290 TraceCheckUtils]: 153: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,547 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25219#true} {25220#false} #1613#return; {25220#false} is VALID [2022-02-20 18:06:11,547 INFO L290 TraceCheckUtils]: 155: Hoare triple {25220#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {25220#false} is VALID [2022-02-20 18:06:11,547 INFO L272 TraceCheckUtils]: 156: Hoare triple {25220#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {25219#true} is VALID [2022-02-20 18:06:11,547 INFO L290 TraceCheckUtils]: 157: Hoare triple {25219#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {25219#true} is VALID [2022-02-20 18:06:11,547 INFO L290 TraceCheckUtils]: 158: Hoare triple {25219#true} assume 1 == ~handle; {25219#true} is VALID [2022-02-20 18:06:11,548 INFO L290 TraceCheckUtils]: 159: Hoare triple {25219#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {25219#true} is VALID [2022-02-20 18:06:11,548 INFO L290 TraceCheckUtils]: 160: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,548 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {25219#true} {25220#false} #1615#return; {25220#false} is VALID [2022-02-20 18:06:11,548 INFO L290 TraceCheckUtils]: 162: Hoare triple {25220#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {25220#false} is VALID [2022-02-20 18:06:11,548 INFO L290 TraceCheckUtils]: 163: Hoare triple {25220#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {25220#false} is VALID [2022-02-20 18:06:11,548 INFO L272 TraceCheckUtils]: 164: Hoare triple {25220#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {25220#false} is VALID [2022-02-20 18:06:11,548 INFO L290 TraceCheckUtils]: 165: Hoare triple {25220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {25220#false} is VALID [2022-02-20 18:06:11,548 INFO L290 TraceCheckUtils]: 166: Hoare triple {25220#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {25220#false} is VALID [2022-02-20 18:06:11,548 INFO L290 TraceCheckUtils]: 167: Hoare triple {25220#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {25220#false} is VALID [2022-02-20 18:06:11,549 INFO L272 TraceCheckUtils]: 168: Hoare triple {25220#false} call setEmailFrom(~msg#1, ~tmp~2#1); {25330#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:11,549 INFO L290 TraceCheckUtils]: 169: Hoare triple {25330#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:11,549 INFO L290 TraceCheckUtils]: 170: Hoare triple {25219#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:11,549 INFO L290 TraceCheckUtils]: 171: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,549 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25219#true} {25220#false} #1659#return; {25220#false} is VALID [2022-02-20 18:06:11,549 INFO L290 TraceCheckUtils]: 173: Hoare triple {25220#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {25220#false} is VALID [2022-02-20 18:06:11,549 INFO L290 TraceCheckUtils]: 174: Hoare triple {25220#false} assume 0 != ~in_encrypted~0; {25220#false} is VALID [2022-02-20 18:06:11,549 INFO L272 TraceCheckUtils]: 175: Hoare triple {25220#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {25219#true} is VALID [2022-02-20 18:06:11,549 INFO L290 TraceCheckUtils]: 176: Hoare triple {25219#true} ~handle := #in~handle;havoc ~retValue_acc~6; {25219#true} is VALID [2022-02-20 18:06:11,550 INFO L290 TraceCheckUtils]: 177: Hoare triple {25219#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {25219#true} is VALID [2022-02-20 18:06:11,550 INFO L290 TraceCheckUtils]: 178: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:11,550 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {25219#true} {25220#false} #1661#return; {25220#false} is VALID [2022-02-20 18:06:11,550 INFO L290 TraceCheckUtils]: 180: Hoare triple {25220#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {25220#false} is VALID [2022-02-20 18:06:11,550 INFO L290 TraceCheckUtils]: 181: Hoare triple {25220#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {25220#false} is VALID [2022-02-20 18:06:11,550 INFO L290 TraceCheckUtils]: 182: Hoare triple {25220#false} assume !false; {25220#false} is VALID [2022-02-20 18:06:11,550 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 18:06:11,551 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:11,551 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1447549620] [2022-02-20 18:06:11,551 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1447549620] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:06:11,551 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1474055204] [2022-02-20 18:06:11,551 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:11,551 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:06:11,551 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:11,552 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:06:11,555 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:06:11,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,853 INFO L263 TraceCheckSpWp]: Trace formula consists of 1497 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:06:11,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,914 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:12,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {25219#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L290 TraceCheckUtils]: 1: Hoare triple {25219#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {25219#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L272 TraceCheckUtils]: 3: Hoare triple {25219#true} call select_features_#t~ret96#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L290 TraceCheckUtils]: 4: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L290 TraceCheckUtils]: 5: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {25219#true} {25219#true} #1733#return; {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L290 TraceCheckUtils]: 7: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L272 TraceCheckUtils]: 8: Hoare triple {25219#true} call select_features_#t~ret97#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:12,322 INFO L290 TraceCheckUtils]: 9: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:12,323 INFO L290 TraceCheckUtils]: 10: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,323 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {25219#true} {25219#true} #1735#return; {25219#true} is VALID [2022-02-20 18:06:12,323 INFO L290 TraceCheckUtils]: 12: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {25219#true} is VALID [2022-02-20 18:06:12,323 INFO L272 TraceCheckUtils]: 13: Hoare triple {25219#true} call select_features_#t~ret98#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:12,323 INFO L290 TraceCheckUtils]: 14: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:12,323 INFO L290 TraceCheckUtils]: 15: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,323 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25219#true} {25219#true} #1737#return; {25219#true} is VALID [2022-02-20 18:06:12,323 INFO L290 TraceCheckUtils]: 17: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L272 TraceCheckUtils]: 18: Hoare triple {25219#true} call select_features_#t~ret99#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L290 TraceCheckUtils]: 19: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L290 TraceCheckUtils]: 20: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {25219#true} {25219#true} #1739#return; {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L290 TraceCheckUtils]: 22: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L272 TraceCheckUtils]: 23: Hoare triple {25219#true} call select_features_#t~ret100#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L290 TraceCheckUtils]: 24: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L290 TraceCheckUtils]: 25: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,324 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {25219#true} {25219#true} #1741#return; {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L290 TraceCheckUtils]: 27: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L272 TraceCheckUtils]: 28: Hoare triple {25219#true} call select_features_#t~ret101#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L290 TraceCheckUtils]: 29: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L290 TraceCheckUtils]: 30: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {25219#true} {25219#true} #1743#return; {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L290 TraceCheckUtils]: 32: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L272 TraceCheckUtils]: 33: Hoare triple {25219#true} call select_features_#t~ret102#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L290 TraceCheckUtils]: 34: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:12,325 INFO L290 TraceCheckUtils]: 35: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {25219#true} {25219#true} #1745#return; {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L290 TraceCheckUtils]: 37: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L272 TraceCheckUtils]: 38: Hoare triple {25219#true} call select_features_#t~ret103#1 := select_one(); {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L290 TraceCheckUtils]: 39: Hoare triple {25219#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L290 TraceCheckUtils]: 40: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {25219#true} {25219#true} #1747#return; {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L290 TraceCheckUtils]: 42: Hoare triple {25219#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L290 TraceCheckUtils]: 43: Hoare triple {25219#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L290 TraceCheckUtils]: 44: Hoare triple {25219#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25219#true} is VALID [2022-02-20 18:06:12,326 INFO L290 TraceCheckUtils]: 45: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 46: Hoare triple {25219#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 47: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 48: Hoare triple {25219#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 49: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 50: Hoare triple {25219#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 51: Hoare triple {25219#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 52: Hoare triple {25219#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 53: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {25219#true} is VALID [2022-02-20 18:06:12,327 INFO L290 TraceCheckUtils]: 54: Hoare triple {25219#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L290 TraceCheckUtils]: 55: Hoare triple {25219#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L290 TraceCheckUtils]: 56: Hoare triple {25219#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L290 TraceCheckUtils]: 57: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L272 TraceCheckUtils]: 58: Hoare triple {25219#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L290 TraceCheckUtils]: 59: Hoare triple {25219#true} ~bob___0 := #in~bob___0; {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L272 TraceCheckUtils]: 60: Hoare triple {25219#true} call setClientId(~bob___0, ~bob___0); {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L290 TraceCheckUtils]: 61: Hoare triple {25219#true} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L290 TraceCheckUtils]: 62: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:12,328 INFO L290 TraceCheckUtils]: 63: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25219#true} {25219#true} #1731#return; {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L290 TraceCheckUtils]: 65: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25219#true} {25219#true} #1749#return; {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L272 TraceCheckUtils]: 67: Hoare triple {25219#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L290 TraceCheckUtils]: 68: Hoare triple {25219#true} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L290 TraceCheckUtils]: 69: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L290 TraceCheckUtils]: 70: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25219#true} {25219#true} #1751#return; {25219#true} is VALID [2022-02-20 18:06:12,329 INFO L290 TraceCheckUtils]: 72: Hoare triple {25219#true} assume { :end_inline_setup_bob__role__Keys } true; {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L290 TraceCheckUtils]: 73: Hoare triple {25219#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L290 TraceCheckUtils]: 74: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L272 TraceCheckUtils]: 75: Hoare triple {25219#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L290 TraceCheckUtils]: 76: Hoare triple {25219#true} ~rjh___0 := #in~rjh___0; {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L272 TraceCheckUtils]: 77: Hoare triple {25219#true} call setClientId(~rjh___0, ~rjh___0); {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L290 TraceCheckUtils]: 78: Hoare triple {25219#true} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L290 TraceCheckUtils]: 79: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L290 TraceCheckUtils]: 80: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,330 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {25219#true} {25219#true} #1683#return; {25219#true} is VALID [2022-02-20 18:06:12,331 INFO L290 TraceCheckUtils]: 82: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,331 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {25219#true} {25219#true} #1755#return; {25219#true} is VALID [2022-02-20 18:06:12,331 INFO L272 TraceCheckUtils]: 84: Hoare triple {25219#true} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {25219#true} is VALID [2022-02-20 18:06:12,331 INFO L290 TraceCheckUtils]: 85: Hoare triple {25219#true} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:12,331 INFO L290 TraceCheckUtils]: 86: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:12,331 INFO L290 TraceCheckUtils]: 87: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,331 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {25219#true} {25219#true} #1757#return; {25219#true} is VALID [2022-02-20 18:06:12,331 INFO L290 TraceCheckUtils]: 89: Hoare triple {25219#true} assume { :end_inline_setup_rjh__role__Keys } true; {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L290 TraceCheckUtils]: 90: Hoare triple {25219#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L290 TraceCheckUtils]: 91: Hoare triple {25219#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L272 TraceCheckUtils]: 92: Hoare triple {25219#true} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L290 TraceCheckUtils]: 93: Hoare triple {25219#true} ~chuck___0 := #in~chuck___0; {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L272 TraceCheckUtils]: 94: Hoare triple {25219#true} call setClientId(~chuck___0, ~chuck___0); {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L290 TraceCheckUtils]: 95: Hoare triple {25219#true} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L290 TraceCheckUtils]: 96: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L290 TraceCheckUtils]: 97: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,332 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {25219#true} {25219#true} #1625#return; {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L290 TraceCheckUtils]: 99: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {25219#true} {25219#true} #1761#return; {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L272 TraceCheckUtils]: 101: Hoare triple {25219#true} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L290 TraceCheckUtils]: 102: Hoare triple {25219#true} ~handle := #in~handle;~value := #in~value; {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L290 TraceCheckUtils]: 103: Hoare triple {25219#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L290 TraceCheckUtils]: 104: Hoare triple {25219#true} assume true; {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {25219#true} {25219#true} #1763#return; {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L290 TraceCheckUtils]: 106: Hoare triple {25219#true} assume { :end_inline_setup_chuck__role__Keys } true; {25219#true} is VALID [2022-02-20 18:06:12,333 INFO L290 TraceCheckUtils]: 107: Hoare triple {25219#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {25219#true} is VALID [2022-02-20 18:06:12,334 INFO L290 TraceCheckUtils]: 108: Hoare triple {25219#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25659#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:06:12,334 INFO L290 TraceCheckUtils]: 109: Hoare triple {25659#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {25659#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:06:12,334 INFO L290 TraceCheckUtils]: 110: Hoare triple {25659#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25659#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:06:12,335 INFO L290 TraceCheckUtils]: 111: Hoare triple {25659#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25659#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:06:12,335 INFO L290 TraceCheckUtils]: 112: Hoare triple {25659#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {25220#false} is VALID [2022-02-20 18:06:12,335 INFO L290 TraceCheckUtils]: 113: Hoare triple {25220#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {25220#false} is VALID [2022-02-20 18:06:12,335 INFO L290 TraceCheckUtils]: 114: Hoare triple {25220#false} assume 0 != test_~tmp___8~0#1; {25220#false} is VALID [2022-02-20 18:06:12,335 INFO L290 TraceCheckUtils]: 115: Hoare triple {25220#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {25220#false} is VALID [2022-02-20 18:06:12,335 INFO L290 TraceCheckUtils]: 116: Hoare triple {25220#false} test_~op2~0#1 := 1; {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L290 TraceCheckUtils]: 117: Hoare triple {25220#false} assume !false; {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L290 TraceCheckUtils]: 118: Hoare triple {25220#false} assume !(test_~splverifierCounter~0#1 < 4); {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L290 TraceCheckUtils]: 119: Hoare triple {25220#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L272 TraceCheckUtils]: 120: Hoare triple {25220#false} call sendEmail(~bob~0, ~rjh~0); {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L290 TraceCheckUtils]: 121: Hoare triple {25220#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L272 TraceCheckUtils]: 122: Hoare triple {25220#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L290 TraceCheckUtils]: 123: Hoare triple {25220#false} ~handle := #in~handle;~value := #in~value; {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L290 TraceCheckUtils]: 124: Hoare triple {25220#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25220#false} is VALID [2022-02-20 18:06:12,336 INFO L290 TraceCheckUtils]: 125: Hoare triple {25220#false} assume true; {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {25220#false} {25220#false} #1647#return; {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L272 TraceCheckUtils]: 127: Hoare triple {25220#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L290 TraceCheckUtils]: 128: Hoare triple {25220#false} ~handle := #in~handle;~value := #in~value; {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L290 TraceCheckUtils]: 129: Hoare triple {25220#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L290 TraceCheckUtils]: 130: Hoare triple {25220#false} assume true; {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25220#false} {25220#false} #1649#return; {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L290 TraceCheckUtils]: 132: Hoare triple {25220#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L290 TraceCheckUtils]: 133: Hoare triple {25220#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {25220#false} is VALID [2022-02-20 18:06:12,337 INFO L272 TraceCheckUtils]: 134: Hoare triple {25220#false} call outgoing(~sender#1, ~email~0#1); {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L290 TraceCheckUtils]: 135: Hoare triple {25220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L290 TraceCheckUtils]: 136: Hoare triple {25220#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L272 TraceCheckUtils]: 137: Hoare triple {25220#false} call outgoing__before__Sign(~client#1, ~msg#1); {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L290 TraceCheckUtils]: 138: Hoare triple {25220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L290 TraceCheckUtils]: 139: Hoare triple {25220#false} assume 0 != ~__SELECTED_FEATURE_AddressBook~0;assume { :begin_inline_outgoing__role__AddressBook } true;outgoing__role__AddressBook_#in~client#1, outgoing__role__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__AddressBook_#t~ret20#1, outgoing__role__AddressBook_#t~ret21#1, outgoing__role__AddressBook_#t~ret22#1, outgoing__role__AddressBook_#t~ret23#1, outgoing__role__AddressBook_#t~ret24#1, outgoing__role__AddressBook_#t~ret25#1, outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1, outgoing__role__AddressBook_~size~0#1, outgoing__role__AddressBook_~tmp~4#1, outgoing__role__AddressBook_~receiver~1#1, outgoing__role__AddressBook_~tmp___0~2#1, outgoing__role__AddressBook_~second~0#1, outgoing__role__AddressBook_~tmp___1~1#1, outgoing__role__AddressBook_~tmp___2~1#1;outgoing__role__AddressBook_~client#1 := outgoing__role__AddressBook_#in~client#1;outgoing__role__AddressBook_~msg#1 := outgoing__role__AddressBook_#in~msg#1;havoc outgoing__role__AddressBook_~size~0#1;havoc outgoing__role__AddressBook_~tmp~4#1;havoc outgoing__role__AddressBook_~receiver~1#1;havoc outgoing__role__AddressBook_~tmp___0~2#1;havoc outgoing__role__AddressBook_~second~0#1;havoc outgoing__role__AddressBook_~tmp___1~1#1;havoc outgoing__role__AddressBook_~tmp___2~1#1; {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L272 TraceCheckUtils]: 140: Hoare triple {25220#false} call outgoing__role__AddressBook_#t~ret20#1 := getClientAddressBookSize(outgoing__role__AddressBook_~client#1); {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L290 TraceCheckUtils]: 141: Hoare triple {25220#false} ~handle := #in~handle;havoc ~retValue_acc~31; {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L290 TraceCheckUtils]: 142: Hoare triple {25220#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~31; {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L290 TraceCheckUtils]: 143: Hoare triple {25220#false} assume true; {25220#false} is VALID [2022-02-20 18:06:12,338 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {25220#false} {25220#false} #1627#return; {25220#false} is VALID [2022-02-20 18:06:12,339 INFO L290 TraceCheckUtils]: 145: Hoare triple {25220#false} assume -2147483648 <= outgoing__role__AddressBook_#t~ret20#1 && outgoing__role__AddressBook_#t~ret20#1 <= 2147483647;outgoing__role__AddressBook_~tmp~4#1 := outgoing__role__AddressBook_#t~ret20#1;havoc outgoing__role__AddressBook_#t~ret20#1;outgoing__role__AddressBook_~size~0#1 := outgoing__role__AddressBook_~tmp~4#1; {25220#false} is VALID [2022-02-20 18:06:12,339 INFO L290 TraceCheckUtils]: 146: Hoare triple {25220#false} assume !(0 != outgoing__role__AddressBook_~size~0#1); {25220#false} is VALID [2022-02-20 18:06:12,339 INFO L272 TraceCheckUtils]: 147: Hoare triple {25220#false} call outgoing__before__AddressBook(outgoing__role__AddressBook_~client#1, outgoing__role__AddressBook_~msg#1); {25220#false} is VALID [2022-02-20 18:06:12,339 INFO L290 TraceCheckUtils]: 148: Hoare triple {25220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {25220#false} is VALID [2022-02-20 18:06:12,339 INFO L290 TraceCheckUtils]: 149: Hoare triple {25220#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {25220#false} is VALID [2022-02-20 18:06:12,339 INFO L272 TraceCheckUtils]: 150: Hoare triple {25220#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {25220#false} is VALID [2022-02-20 18:06:12,339 INFO L290 TraceCheckUtils]: 151: Hoare triple {25220#false} ~handle := #in~handle;havoc ~retValue_acc~3; {25220#false} is VALID [2022-02-20 18:06:12,339 INFO L290 TraceCheckUtils]: 152: Hoare triple {25220#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L290 TraceCheckUtils]: 153: Hoare triple {25220#false} assume true; {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {25220#false} {25220#false} #1613#return; {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L290 TraceCheckUtils]: 155: Hoare triple {25220#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L272 TraceCheckUtils]: 156: Hoare triple {25220#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L290 TraceCheckUtils]: 157: Hoare triple {25220#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L290 TraceCheckUtils]: 158: Hoare triple {25220#false} assume 1 == ~handle; {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L290 TraceCheckUtils]: 159: Hoare triple {25220#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L290 TraceCheckUtils]: 160: Hoare triple {25220#false} assume true; {25220#false} is VALID [2022-02-20 18:06:12,340 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {25220#false} {25220#false} #1615#return; {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L290 TraceCheckUtils]: 162: Hoare triple {25220#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L290 TraceCheckUtils]: 163: Hoare triple {25220#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L272 TraceCheckUtils]: 164: Hoare triple {25220#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L290 TraceCheckUtils]: 165: Hoare triple {25220#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L290 TraceCheckUtils]: 166: Hoare triple {25220#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L290 TraceCheckUtils]: 167: Hoare triple {25220#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L272 TraceCheckUtils]: 168: Hoare triple {25220#false} call setEmailFrom(~msg#1, ~tmp~2#1); {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L290 TraceCheckUtils]: 169: Hoare triple {25220#false} ~handle := #in~handle;~value := #in~value; {25220#false} is VALID [2022-02-20 18:06:12,341 INFO L290 TraceCheckUtils]: 170: Hoare triple {25220#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L290 TraceCheckUtils]: 171: Hoare triple {25220#false} assume true; {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L284 TraceCheckUtils]: 172: Hoare quadruple {25220#false} {25220#false} #1659#return; {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L290 TraceCheckUtils]: 173: Hoare triple {25220#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L290 TraceCheckUtils]: 174: Hoare triple {25220#false} assume 0 != ~in_encrypted~0; {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L272 TraceCheckUtils]: 175: Hoare triple {25220#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L290 TraceCheckUtils]: 176: Hoare triple {25220#false} ~handle := #in~handle;havoc ~retValue_acc~6; {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L290 TraceCheckUtils]: 177: Hoare triple {25220#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L290 TraceCheckUtils]: 178: Hoare triple {25220#false} assume true; {25220#false} is VALID [2022-02-20 18:06:12,342 INFO L284 TraceCheckUtils]: 179: Hoare quadruple {25220#false} {25220#false} #1661#return; {25220#false} is VALID [2022-02-20 18:06:12,343 INFO L290 TraceCheckUtils]: 180: Hoare triple {25220#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {25220#false} is VALID [2022-02-20 18:06:12,343 INFO L290 TraceCheckUtils]: 181: Hoare triple {25220#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {25220#false} is VALID [2022-02-20 18:06:12,343 INFO L290 TraceCheckUtils]: 182: Hoare triple {25220#false} assume !false; {25220#false} is VALID [2022-02-20 18:06:12,343 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2022-02-20 18:06:12,343 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:12,343 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1474055204] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:12,344 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:06:12,344 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [12] total 13 [2022-02-20 18:06:12,344 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2038432248] [2022-02-20 18:06:12,344 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:12,345 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 183 [2022-02-20 18:06:12,345 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:12,345 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:06:12,456 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 154 edges. 154 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:12,457 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:12,457 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:12,457 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:12,457 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:06:12,458 INFO L87 Difference]: Start difference. First operand 594 states and 852 transitions. Second operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:06:13,187 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:13,187 INFO L93 Difference]: Finished difference Result 1208 states and 1765 transitions. [2022-02-20 18:06:13,188 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:13,188 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) Word has length 183 [2022-02-20 18:06:13,188 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:13,188 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:06:13,202 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1761 transitions. [2022-02-20 18:06:13,203 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:06:13,216 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1761 transitions. [2022-02-20 18:06:13,216 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1761 transitions. [2022-02-20 18:06:14,386 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1761 edges. 1761 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:14,409 INFO L225 Difference]: With dead ends: 1208 [2022-02-20 18:06:14,409 INFO L226 Difference]: Without dead ends: 692 [2022-02-20 18:06:14,410 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 236 GetRequests, 225 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=23, Invalid=133, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:06:14,411 INFO L933 BasicCegarLoop]: 868 mSDtfsCounter, 165 mSDsluCounter, 798 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 1666 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:14,411 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 1666 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:14,412 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 692 states. [2022-02-20 18:06:14,430 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 692 to 684. [2022-02-20 18:06:14,430 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:14,431 INFO L82 GeneralOperation]: Start isEquivalent. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:06:14,432 INFO L74 IsIncluded]: Start isIncluded. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:06:14,433 INFO L87 Difference]: Start difference. First operand 692 states. Second operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:06:14,450 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:14,451 INFO L93 Difference]: Finished difference Result 692 states and 1007 transitions. [2022-02-20 18:06:14,451 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1007 transitions. [2022-02-20 18:06:14,452 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:14,452 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:14,453 INFO L74 IsIncluded]: Start isIncluded. First operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) Second operand 692 states. [2022-02-20 18:06:14,454 INFO L87 Difference]: Start difference. First operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) Second operand 692 states. [2022-02-20 18:06:14,472 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:14,473 INFO L93 Difference]: Finished difference Result 692 states and 1007 transitions. [2022-02-20 18:06:14,473 INFO L276 IsEmpty]: Start isEmpty. Operand 692 states and 1007 transitions. [2022-02-20 18:06:14,474 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:14,474 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:14,474 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:14,474 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:14,475 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 684 states, 522 states have (on average 1.4655172413793103) internal successors, (765), 533 states have internal predecessors, (765), 117 states have call successors, (117), 44 states have call predecessors, (117), 44 states have return successors, (116), 115 states have call predecessors, (116), 116 states have call successors, (116) [2022-02-20 18:06:14,499 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 684 states to 684 states and 998 transitions. [2022-02-20 18:06:14,499 INFO L78 Accepts]: Start accepts. Automaton has 684 states and 998 transitions. Word has length 183 [2022-02-20 18:06:14,501 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:14,501 INFO L470 AbstractCegarLoop]: Abstraction has 684 states and 998 transitions. [2022-02-20 18:06:14,501 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 33.666666666666664) internal successors, (101), 3 states have internal predecessors, (101), 2 states have call successors, (29), 2 states have call predecessors, (29), 2 states have return successors, (24), 2 states have call predecessors, (24), 2 states have call successors, (24) [2022-02-20 18:06:14,501 INFO L276 IsEmpty]: Start isEmpty. Operand 684 states and 998 transitions. [2022-02-20 18:06:14,503 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 178 [2022-02-20 18:06:14,503 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:14,503 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:14,525 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:14,720 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2022-02-20 18:06:14,720 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:14,720 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:14,720 INFO L85 PathProgramCache]: Analyzing trace with hash 1782549721, now seen corresponding path program 1 times [2022-02-20 18:06:14,721 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:14,721 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [78467160] [2022-02-20 18:06:14,721 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:14,721 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:14,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:06:14,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,784 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29870#true} {29870#true} #1733#return; {29870#true} is VALID [2022-02-20 18:06:14,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:06:14,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,787 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,787 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,787 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29870#true} {29870#true} #1735#return; {29870#true} is VALID [2022-02-20 18:06:14,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:14,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,790 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,791 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29870#true} {29870#true} #1737#return; {29870#true} is VALID [2022-02-20 18:06:14,791 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:06:14,792 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,794 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,794 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,794 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29870#true} {29870#true} #1739#return; {29870#true} is VALID [2022-02-20 18:06:14,794 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:06:14,795 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,797 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29870#true} {29870#true} #1741#return; {29870#true} is VALID [2022-02-20 18:06:14,797 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:06:14,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,801 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29870#true} {29870#true} #1743#return; {29870#true} is VALID [2022-02-20 18:06:14,801 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:06:14,802 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,804 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,804 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29870#true} {29870#true} #1745#return; {29870#true} is VALID [2022-02-20 18:06:14,804 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:06:14,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,807 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,807 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,807 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29870#true} {29870#true} #1747#return; {29870#true} is VALID [2022-02-20 18:06:14,812 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:06:14,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:14,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,819 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,819 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29870#true} #1731#return; {29870#true} is VALID [2022-02-20 18:06:14,819 INFO L290 TraceCheckUtils]: 0: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {29870#true} is VALID [2022-02-20 18:06:14,819 INFO L272 TraceCheckUtils]: 1: Hoare triple {29870#true} call setClientId(~bob___0, ~bob___0); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,820 INFO L290 TraceCheckUtils]: 2: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,820 INFO L290 TraceCheckUtils]: 3: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,820 INFO L290 TraceCheckUtils]: 4: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,820 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29870#true} {29870#true} #1731#return; {29870#true} is VALID [2022-02-20 18:06:14,820 INFO L290 TraceCheckUtils]: 6: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,820 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29870#true} {29870#true} #1749#return; {29870#true} is VALID [2022-02-20 18:06:14,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:06:14,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,829 INFO L290 TraceCheckUtils]: 0: Hoare triple {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,829 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,830 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29870#true} #1751#return; {29870#true} is VALID [2022-02-20 18:06:14,830 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:06:14,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:14,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,863 INFO L290 TraceCheckUtils]: 0: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29971#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:14,863 INFO L290 TraceCheckUtils]: 1: Hoare triple {29971#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29972#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:14,864 INFO L290 TraceCheckUtils]: 2: Hoare triple {29972#(= |setClientId_#in~handle| 1)} assume true; {29972#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:14,864 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29972#(= |setClientId_#in~handle| 1)} {29965#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:14,865 INFO L290 TraceCheckUtils]: 0: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {29965#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:14,866 INFO L272 TraceCheckUtils]: 1: Hoare triple {29965#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,866 INFO L290 TraceCheckUtils]: 2: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29971#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:14,866 INFO L290 TraceCheckUtils]: 3: Hoare triple {29971#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29972#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:14,867 INFO L290 TraceCheckUtils]: 4: Hoare triple {29972#(= |setClientId_#in~handle| 1)} assume true; {29972#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:14,867 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29972#(= |setClientId_#in~handle| 1)} {29965#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:14,868 INFO L290 TraceCheckUtils]: 6: Hoare triple {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:14,868 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {29909#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {29871#false} is VALID [2022-02-20 18:06:14,868 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:06:14,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,872 INFO L290 TraceCheckUtils]: 0: Hoare triple {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,872 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,872 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,872 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29871#false} #1757#return; {29871#false} is VALID [2022-02-20 18:06:14,872 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:06:14,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,876 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:14,876 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,878 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,878 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29870#true} #1625#return; {29870#true} is VALID [2022-02-20 18:06:14,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {29870#true} is VALID [2022-02-20 18:06:14,879 INFO L272 TraceCheckUtils]: 1: Hoare triple {29870#true} call setClientId(~chuck___0, ~chuck___0); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,879 INFO L290 TraceCheckUtils]: 2: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,879 INFO L290 TraceCheckUtils]: 3: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,880 INFO L290 TraceCheckUtils]: 4: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,880 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29870#true} {29870#true} #1625#return; {29870#true} is VALID [2022-02-20 18:06:14,880 INFO L290 TraceCheckUtils]: 6: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,880 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {29870#true} {29871#false} #1761#return; {29871#false} is VALID [2022-02-20 18:06:14,880 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:06:14,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,883 INFO L290 TraceCheckUtils]: 0: Hoare triple {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,883 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,883 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,883 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29871#false} #1763#return; {29871#false} is VALID [2022-02-20 18:06:14,891 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:06:14,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,894 INFO L290 TraceCheckUtils]: 0: Hoare triple {29977#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,894 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29871#false} #1647#return; {29871#false} is VALID [2022-02-20 18:06:14,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:06:14,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,907 INFO L290 TraceCheckUtils]: 0: Hoare triple {29978#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,907 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,907 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,907 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29871#false} #1649#return; {29871#false} is VALID [2022-02-20 18:06:14,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 18:06:14,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} ~handle := #in~handle;havoc ~retValue_acc~3; {29870#true} is VALID [2022-02-20 18:06:14,910 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {29870#true} is VALID [2022-02-20 18:06:14,910 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,910 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29871#false} #1613#return; {29871#false} is VALID [2022-02-20 18:06:14,910 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 18:06:14,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,912 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {29870#true} is VALID [2022-02-20 18:06:14,912 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle; {29870#true} is VALID [2022-02-20 18:06:14,912 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {29870#true} is VALID [2022-02-20 18:06:14,913 INFO L290 TraceCheckUtils]: 3: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,913 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29870#true} {29871#false} #1615#return; {29871#false} is VALID [2022-02-20 18:06:14,913 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 162 [2022-02-20 18:06:14,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {29977#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,915 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,915 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29871#false} #1659#return; {29871#false} is VALID [2022-02-20 18:06:14,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 169 [2022-02-20 18:06:14,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:14,917 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} ~handle := #in~handle;havoc ~retValue_acc~6; {29870#true} is VALID [2022-02-20 18:06:14,917 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {29870#true} is VALID [2022-02-20 18:06:14,917 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,917 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29870#true} {29871#false} #1661#return; {29871#false} is VALID [2022-02-20 18:06:14,917 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L272 TraceCheckUtils]: 3: Hoare triple {29870#true} call select_features_#t~ret96#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L290 TraceCheckUtils]: 4: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L290 TraceCheckUtils]: 5: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {29870#true} {29870#true} #1733#return; {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L290 TraceCheckUtils]: 7: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L272 TraceCheckUtils]: 8: Hoare triple {29870#true} call select_features_#t~ret97#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:14,918 INFO L290 TraceCheckUtils]: 9: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L290 TraceCheckUtils]: 10: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {29870#true} {29870#true} #1735#return; {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L290 TraceCheckUtils]: 12: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L272 TraceCheckUtils]: 13: Hoare triple {29870#true} call select_features_#t~ret98#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L290 TraceCheckUtils]: 14: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L290 TraceCheckUtils]: 15: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29870#true} {29870#true} #1737#return; {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L290 TraceCheckUtils]: 17: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L272 TraceCheckUtils]: 18: Hoare triple {29870#true} call select_features_#t~ret99#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:14,919 INFO L290 TraceCheckUtils]: 19: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L290 TraceCheckUtils]: 20: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {29870#true} {29870#true} #1739#return; {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L290 TraceCheckUtils]: 22: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L272 TraceCheckUtils]: 23: Hoare triple {29870#true} call select_features_#t~ret100#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L290 TraceCheckUtils]: 24: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L290 TraceCheckUtils]: 25: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {29870#true} {29870#true} #1741#return; {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L290 TraceCheckUtils]: 27: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L272 TraceCheckUtils]: 28: Hoare triple {29870#true} call select_features_#t~ret101#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:14,920 INFO L290 TraceCheckUtils]: 29: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L290 TraceCheckUtils]: 30: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {29870#true} {29870#true} #1743#return; {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L290 TraceCheckUtils]: 32: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L272 TraceCheckUtils]: 33: Hoare triple {29870#true} call select_features_#t~ret102#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L290 TraceCheckUtils]: 34: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L290 TraceCheckUtils]: 35: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {29870#true} {29870#true} #1745#return; {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L290 TraceCheckUtils]: 37: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {29870#true} is VALID [2022-02-20 18:06:14,921 INFO L272 TraceCheckUtils]: 38: Hoare triple {29870#true} call select_features_#t~ret103#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:14,922 INFO L290 TraceCheckUtils]: 39: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:14,922 INFO L290 TraceCheckUtils]: 40: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,922 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {29870#true} {29870#true} #1747#return; {29870#true} is VALID [2022-02-20 18:06:14,922 INFO L290 TraceCheckUtils]: 42: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {29870#true} is VALID [2022-02-20 18:06:14,922 INFO L290 TraceCheckUtils]: 43: Hoare triple {29870#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {29870#true} is VALID [2022-02-20 18:06:14,922 INFO L290 TraceCheckUtils]: 44: Hoare triple {29870#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29870#true} is VALID [2022-02-20 18:06:14,922 INFO L290 TraceCheckUtils]: 45: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {29870#true} is VALID [2022-02-20 18:06:14,922 INFO L290 TraceCheckUtils]: 46: Hoare triple {29870#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 47: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 48: Hoare triple {29870#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 49: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 50: Hoare triple {29870#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 51: Hoare triple {29870#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 52: Hoare triple {29870#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 53: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 54: Hoare triple {29870#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {29870#true} is VALID [2022-02-20 18:06:14,923 INFO L290 TraceCheckUtils]: 55: Hoare triple {29870#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {29870#true} is VALID [2022-02-20 18:06:14,924 INFO L290 TraceCheckUtils]: 56: Hoare triple {29870#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {29870#true} is VALID [2022-02-20 18:06:14,924 INFO L290 TraceCheckUtils]: 57: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {29870#true} is VALID [2022-02-20 18:06:14,924 INFO L272 TraceCheckUtils]: 58: Hoare triple {29870#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,925 INFO L290 TraceCheckUtils]: 59: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {29870#true} is VALID [2022-02-20 18:06:14,925 INFO L272 TraceCheckUtils]: 60: Hoare triple {29870#true} call setClientId(~bob___0, ~bob___0); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,925 INFO L290 TraceCheckUtils]: 61: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,925 INFO L290 TraceCheckUtils]: 62: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,925 INFO L290 TraceCheckUtils]: 63: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,926 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {29870#true} {29870#true} #1731#return; {29870#true} is VALID [2022-02-20 18:06:14,926 INFO L290 TraceCheckUtils]: 65: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,926 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {29870#true} {29870#true} #1749#return; {29870#true} is VALID [2022-02-20 18:06:14,926 INFO L272 TraceCheckUtils]: 67: Hoare triple {29870#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:14,927 INFO L290 TraceCheckUtils]: 68: Hoare triple {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,927 INFO L290 TraceCheckUtils]: 69: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,927 INFO L290 TraceCheckUtils]: 70: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,927 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29870#true} {29870#true} #1751#return; {29870#true} is VALID [2022-02-20 18:06:14,927 INFO L290 TraceCheckUtils]: 72: Hoare triple {29870#true} assume { :end_inline_setup_bob__role__Keys } true; {29870#true} is VALID [2022-02-20 18:06:14,927 INFO L290 TraceCheckUtils]: 73: Hoare triple {29870#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {29908#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} is VALID [2022-02-20 18:06:14,928 INFO L290 TraceCheckUtils]: 74: Hoare triple {29908#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 2)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {29909#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} is VALID [2022-02-20 18:06:14,928 INFO L272 TraceCheckUtils]: 75: Hoare triple {29909#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,929 INFO L290 TraceCheckUtils]: 76: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {29965#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:14,929 INFO L272 TraceCheckUtils]: 77: Hoare triple {29965#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,930 INFO L290 TraceCheckUtils]: 78: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29971#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:14,930 INFO L290 TraceCheckUtils]: 79: Hoare triple {29971#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29972#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:14,930 INFO L290 TraceCheckUtils]: 80: Hoare triple {29972#(= |setClientId_#in~handle| 1)} assume true; {29972#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:14,931 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {29972#(= |setClientId_#in~handle| 1)} {29965#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:14,931 INFO L290 TraceCheckUtils]: 82: Hoare triple {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:14,932 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {29970#(= |setup_rjh__before__Keys_#in~rjh___0| 1)} {29909#(= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 2)} #1755#return; {29871#false} is VALID [2022-02-20 18:06:14,932 INFO L272 TraceCheckUtils]: 84: Hoare triple {29871#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:14,932 INFO L290 TraceCheckUtils]: 85: Hoare triple {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,932 INFO L290 TraceCheckUtils]: 86: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,932 INFO L290 TraceCheckUtils]: 87: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,932 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {29870#true} {29871#false} #1757#return; {29871#false} is VALID [2022-02-20 18:06:14,932 INFO L290 TraceCheckUtils]: 89: Hoare triple {29871#false} assume { :end_inline_setup_rjh__role__Keys } true; {29871#false} is VALID [2022-02-20 18:06:14,932 INFO L290 TraceCheckUtils]: 90: Hoare triple {29871#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {29871#false} is VALID [2022-02-20 18:06:14,932 INFO L290 TraceCheckUtils]: 91: Hoare triple {29871#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {29871#false} is VALID [2022-02-20 18:06:14,932 INFO L272 TraceCheckUtils]: 92: Hoare triple {29871#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,933 INFO L290 TraceCheckUtils]: 93: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {29870#true} is VALID [2022-02-20 18:06:14,933 INFO L272 TraceCheckUtils]: 94: Hoare triple {29870#true} call setClientId(~chuck___0, ~chuck___0); {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:14,933 INFO L290 TraceCheckUtils]: 95: Hoare triple {29959#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,933 INFO L290 TraceCheckUtils]: 96: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,934 INFO L290 TraceCheckUtils]: 97: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,934 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {29870#true} {29870#true} #1625#return; {29870#true} is VALID [2022-02-20 18:06:14,934 INFO L290 TraceCheckUtils]: 99: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,934 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29870#true} {29871#false} #1761#return; {29871#false} is VALID [2022-02-20 18:06:14,934 INFO L272 TraceCheckUtils]: 101: Hoare triple {29871#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:14,934 INFO L290 TraceCheckUtils]: 102: Hoare triple {29964#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,934 INFO L290 TraceCheckUtils]: 103: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,934 INFO L290 TraceCheckUtils]: 104: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,934 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {29870#true} {29871#false} #1763#return; {29871#false} is VALID [2022-02-20 18:06:14,934 INFO L290 TraceCheckUtils]: 106: Hoare triple {29871#false} assume { :end_inline_setup_chuck__role__Keys } true; {29871#false} is VALID [2022-02-20 18:06:14,935 INFO L290 TraceCheckUtils]: 107: Hoare triple {29871#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {29871#false} is VALID [2022-02-20 18:06:14,935 INFO L290 TraceCheckUtils]: 108: Hoare triple {29871#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29871#false} is VALID [2022-02-20 18:06:14,935 INFO L290 TraceCheckUtils]: 109: Hoare triple {29871#false} assume !false; {29871#false} is VALID [2022-02-20 18:06:14,935 INFO L290 TraceCheckUtils]: 110: Hoare triple {29871#false} assume test_~splverifierCounter~0#1 < 4; {29871#false} is VALID [2022-02-20 18:06:14,935 INFO L290 TraceCheckUtils]: 111: Hoare triple {29871#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29871#false} is VALID [2022-02-20 18:06:14,935 INFO L290 TraceCheckUtils]: 112: Hoare triple {29871#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {29871#false} is VALID [2022-02-20 18:06:14,935 INFO L290 TraceCheckUtils]: 113: Hoare triple {29871#false} assume !(0 != test_~tmp___9~0#1); {29871#false} is VALID [2022-02-20 18:06:14,935 INFO L290 TraceCheckUtils]: 114: Hoare triple {29871#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L290 TraceCheckUtils]: 115: Hoare triple {29871#false} assume 0 != test_~tmp___8~0#1; {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L290 TraceCheckUtils]: 116: Hoare triple {29871#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L290 TraceCheckUtils]: 117: Hoare triple {29871#false} test_~op2~0#1 := 1; {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L290 TraceCheckUtils]: 118: Hoare triple {29871#false} assume !false; {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L290 TraceCheckUtils]: 119: Hoare triple {29871#false} assume !(test_~splverifierCounter~0#1 < 4); {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L290 TraceCheckUtils]: 120: Hoare triple {29871#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L272 TraceCheckUtils]: 121: Hoare triple {29871#false} call sendEmail(~bob~0, ~rjh~0); {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L290 TraceCheckUtils]: 122: Hoare triple {29871#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29871#false} is VALID [2022-02-20 18:06:14,936 INFO L272 TraceCheckUtils]: 123: Hoare triple {29871#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29977#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:14,936 INFO L290 TraceCheckUtils]: 124: Hoare triple {29977#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,937 INFO L290 TraceCheckUtils]: 125: Hoare triple {29870#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,937 INFO L290 TraceCheckUtils]: 126: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,937 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {29870#true} {29871#false} #1647#return; {29871#false} is VALID [2022-02-20 18:06:14,937 INFO L272 TraceCheckUtils]: 128: Hoare triple {29871#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29978#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:06:14,937 INFO L290 TraceCheckUtils]: 129: Hoare triple {29978#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,937 INFO L290 TraceCheckUtils]: 130: Hoare triple {29870#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,937 INFO L290 TraceCheckUtils]: 131: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,937 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {29870#true} {29871#false} #1649#return; {29871#false} is VALID [2022-02-20 18:06:14,937 INFO L290 TraceCheckUtils]: 133: Hoare triple {29871#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L290 TraceCheckUtils]: 134: Hoare triple {29871#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L272 TraceCheckUtils]: 135: Hoare triple {29871#false} call outgoing(~sender#1, ~email~0#1); {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L290 TraceCheckUtils]: 136: Hoare triple {29871#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L290 TraceCheckUtils]: 137: Hoare triple {29871#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L272 TraceCheckUtils]: 138: Hoare triple {29871#false} call outgoing__before__Sign(~client#1, ~msg#1); {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L290 TraceCheckUtils]: 139: Hoare triple {29871#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L290 TraceCheckUtils]: 140: Hoare triple {29871#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L272 TraceCheckUtils]: 141: Hoare triple {29871#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {29871#false} is VALID [2022-02-20 18:06:14,938 INFO L290 TraceCheckUtils]: 142: Hoare triple {29871#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29871#false} is VALID [2022-02-20 18:06:14,939 INFO L290 TraceCheckUtils]: 143: Hoare triple {29871#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {29871#false} is VALID [2022-02-20 18:06:14,939 INFO L272 TraceCheckUtils]: 144: Hoare triple {29871#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {29870#true} is VALID [2022-02-20 18:06:14,939 INFO L290 TraceCheckUtils]: 145: Hoare triple {29870#true} ~handle := #in~handle;havoc ~retValue_acc~3; {29870#true} is VALID [2022-02-20 18:06:14,939 INFO L290 TraceCheckUtils]: 146: Hoare triple {29870#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {29870#true} is VALID [2022-02-20 18:06:14,939 INFO L290 TraceCheckUtils]: 147: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,939 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {29870#true} {29871#false} #1613#return; {29871#false} is VALID [2022-02-20 18:06:14,939 INFO L290 TraceCheckUtils]: 149: Hoare triple {29871#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {29871#false} is VALID [2022-02-20 18:06:14,939 INFO L272 TraceCheckUtils]: 150: Hoare triple {29871#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {29870#true} is VALID [2022-02-20 18:06:14,939 INFO L290 TraceCheckUtils]: 151: Hoare triple {29870#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {29870#true} is VALID [2022-02-20 18:06:14,939 INFO L290 TraceCheckUtils]: 152: Hoare triple {29870#true} assume 1 == ~handle; {29870#true} is VALID [2022-02-20 18:06:14,940 INFO L290 TraceCheckUtils]: 153: Hoare triple {29870#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {29870#true} is VALID [2022-02-20 18:06:14,940 INFO L290 TraceCheckUtils]: 154: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,940 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {29870#true} {29871#false} #1615#return; {29871#false} is VALID [2022-02-20 18:06:14,940 INFO L290 TraceCheckUtils]: 156: Hoare triple {29871#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {29871#false} is VALID [2022-02-20 18:06:14,940 INFO L290 TraceCheckUtils]: 157: Hoare triple {29871#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {29871#false} is VALID [2022-02-20 18:06:14,940 INFO L272 TraceCheckUtils]: 158: Hoare triple {29871#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {29871#false} is VALID [2022-02-20 18:06:14,940 INFO L290 TraceCheckUtils]: 159: Hoare triple {29871#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {29871#false} is VALID [2022-02-20 18:06:14,940 INFO L290 TraceCheckUtils]: 160: Hoare triple {29871#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {29871#false} is VALID [2022-02-20 18:06:14,940 INFO L290 TraceCheckUtils]: 161: Hoare triple {29871#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {29871#false} is VALID [2022-02-20 18:06:14,941 INFO L272 TraceCheckUtils]: 162: Hoare triple {29871#false} call setEmailFrom(~msg#1, ~tmp~2#1); {29977#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:14,941 INFO L290 TraceCheckUtils]: 163: Hoare triple {29977#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:14,941 INFO L290 TraceCheckUtils]: 164: Hoare triple {29870#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:14,941 INFO L290 TraceCheckUtils]: 165: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,941 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {29870#true} {29871#false} #1659#return; {29871#false} is VALID [2022-02-20 18:06:14,941 INFO L290 TraceCheckUtils]: 167: Hoare triple {29871#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {29871#false} is VALID [2022-02-20 18:06:14,941 INFO L290 TraceCheckUtils]: 168: Hoare triple {29871#false} assume 0 != ~in_encrypted~0; {29871#false} is VALID [2022-02-20 18:06:14,941 INFO L272 TraceCheckUtils]: 169: Hoare triple {29871#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {29870#true} is VALID [2022-02-20 18:06:14,941 INFO L290 TraceCheckUtils]: 170: Hoare triple {29870#true} ~handle := #in~handle;havoc ~retValue_acc~6; {29870#true} is VALID [2022-02-20 18:06:14,942 INFO L290 TraceCheckUtils]: 171: Hoare triple {29870#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {29870#true} is VALID [2022-02-20 18:06:14,942 INFO L290 TraceCheckUtils]: 172: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:14,942 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {29870#true} {29871#false} #1661#return; {29871#false} is VALID [2022-02-20 18:06:14,942 INFO L290 TraceCheckUtils]: 174: Hoare triple {29871#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {29871#false} is VALID [2022-02-20 18:06:14,942 INFO L290 TraceCheckUtils]: 175: Hoare triple {29871#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {29871#false} is VALID [2022-02-20 18:06:14,942 INFO L290 TraceCheckUtils]: 176: Hoare triple {29871#false} assume !false; {29871#false} is VALID [2022-02-20 18:06:14,942 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 108 trivial. 0 not checked. [2022-02-20 18:06:14,943 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:14,943 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [78467160] [2022-02-20 18:06:14,943 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [78467160] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:06:14,948 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1054450855] [2022-02-20 18:06:14,948 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:14,949 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:06:14,949 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:14,964 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:06:15,004 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:06:15,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:15,264 INFO L263 TraceCheckSpWp]: Trace formula consists of 1474 conjuncts, 10 conjunts are in the unsatisfiable core [2022-02-20 18:06:15,324 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:15,334 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:16,103 INFO L290 TraceCheckUtils]: 0: Hoare triple {29870#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {29870#true} is VALID [2022-02-20 18:06:16,103 INFO L290 TraceCheckUtils]: 1: Hoare triple {29870#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L290 TraceCheckUtils]: 2: Hoare triple {29870#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L272 TraceCheckUtils]: 3: Hoare triple {29870#true} call select_features_#t~ret96#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L290 TraceCheckUtils]: 4: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L290 TraceCheckUtils]: 5: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {29870#true} {29870#true} #1733#return; {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L290 TraceCheckUtils]: 7: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L272 TraceCheckUtils]: 8: Hoare triple {29870#true} call select_features_#t~ret97#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L290 TraceCheckUtils]: 9: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:16,104 INFO L290 TraceCheckUtils]: 10: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,105 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {29870#true} {29870#true} #1735#return; {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L290 TraceCheckUtils]: 12: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L272 TraceCheckUtils]: 13: Hoare triple {29870#true} call select_features_#t~ret98#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L290 TraceCheckUtils]: 14: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L290 TraceCheckUtils]: 15: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29870#true} {29870#true} #1737#return; {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L290 TraceCheckUtils]: 17: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L272 TraceCheckUtils]: 18: Hoare triple {29870#true} call select_features_#t~ret99#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L290 TraceCheckUtils]: 19: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:16,106 INFO L290 TraceCheckUtils]: 20: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,107 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {29870#true} {29870#true} #1739#return; {29870#true} is VALID [2022-02-20 18:06:16,107 INFO L290 TraceCheckUtils]: 22: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {29870#true} is VALID [2022-02-20 18:06:16,107 INFO L272 TraceCheckUtils]: 23: Hoare triple {29870#true} call select_features_#t~ret100#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:16,107 INFO L290 TraceCheckUtils]: 24: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:16,107 INFO L290 TraceCheckUtils]: 25: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,108 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {29870#true} {29870#true} #1741#return; {29870#true} is VALID [2022-02-20 18:06:16,108 INFO L290 TraceCheckUtils]: 27: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {29870#true} is VALID [2022-02-20 18:06:16,108 INFO L272 TraceCheckUtils]: 28: Hoare triple {29870#true} call select_features_#t~ret101#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:16,108 INFO L290 TraceCheckUtils]: 29: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:16,108 INFO L290 TraceCheckUtils]: 30: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,108 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {29870#true} {29870#true} #1743#return; {29870#true} is VALID [2022-02-20 18:06:16,108 INFO L290 TraceCheckUtils]: 32: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {29870#true} is VALID [2022-02-20 18:06:16,108 INFO L272 TraceCheckUtils]: 33: Hoare triple {29870#true} call select_features_#t~ret102#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:16,109 INFO L290 TraceCheckUtils]: 34: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:16,109 INFO L290 TraceCheckUtils]: 35: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,109 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {29870#true} {29870#true} #1745#return; {29870#true} is VALID [2022-02-20 18:06:16,109 INFO L290 TraceCheckUtils]: 37: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L272 TraceCheckUtils]: 38: Hoare triple {29870#true} call select_features_#t~ret103#1 := select_one(); {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L290 TraceCheckUtils]: 39: Hoare triple {29870#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L290 TraceCheckUtils]: 40: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {29870#true} {29870#true} #1747#return; {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L290 TraceCheckUtils]: 42: Hoare triple {29870#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L290 TraceCheckUtils]: 43: Hoare triple {29870#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L290 TraceCheckUtils]: 44: Hoare triple {29870#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L290 TraceCheckUtils]: 45: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {29870#true} is VALID [2022-02-20 18:06:16,110 INFO L290 TraceCheckUtils]: 46: Hoare triple {29870#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 47: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 48: Hoare triple {29870#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 49: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 50: Hoare triple {29870#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 51: Hoare triple {29870#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 52: Hoare triple {29870#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 53: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 54: Hoare triple {29870#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {29870#true} is VALID [2022-02-20 18:06:16,111 INFO L290 TraceCheckUtils]: 55: Hoare triple {29870#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {29870#true} is VALID [2022-02-20 18:06:16,112 INFO L290 TraceCheckUtils]: 56: Hoare triple {29870#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {29870#true} is VALID [2022-02-20 18:06:16,112 INFO L290 TraceCheckUtils]: 57: Hoare triple {29870#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {29870#true} is VALID [2022-02-20 18:06:16,112 INFO L272 TraceCheckUtils]: 58: Hoare triple {29870#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {29870#true} is VALID [2022-02-20 18:06:16,112 INFO L290 TraceCheckUtils]: 59: Hoare triple {29870#true} ~bob___0 := #in~bob___0; {29870#true} is VALID [2022-02-20 18:06:16,112 INFO L272 TraceCheckUtils]: 60: Hoare triple {29870#true} call setClientId(~bob___0, ~bob___0); {29870#true} is VALID [2022-02-20 18:06:16,112 INFO L290 TraceCheckUtils]: 61: Hoare triple {29870#true} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:16,112 INFO L290 TraceCheckUtils]: 62: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:16,113 INFO L290 TraceCheckUtils]: 63: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,113 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {29870#true} {29870#true} #1731#return; {29870#true} is VALID [2022-02-20 18:06:16,113 INFO L290 TraceCheckUtils]: 65: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,113 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {29870#true} {29870#true} #1749#return; {29870#true} is VALID [2022-02-20 18:06:16,119 INFO L272 TraceCheckUtils]: 67: Hoare triple {29870#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {29870#true} is VALID [2022-02-20 18:06:16,119 INFO L290 TraceCheckUtils]: 68: Hoare triple {29870#true} ~handle := #in~handle;~value := #in~value; {29870#true} is VALID [2022-02-20 18:06:16,119 INFO L290 TraceCheckUtils]: 69: Hoare triple {29870#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29870#true} is VALID [2022-02-20 18:06:16,119 INFO L290 TraceCheckUtils]: 70: Hoare triple {29870#true} assume true; {29870#true} is VALID [2022-02-20 18:06:16,119 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29870#true} {29870#true} #1751#return; {29870#true} is VALID [2022-02-20 18:06:16,120 INFO L290 TraceCheckUtils]: 72: Hoare triple {29870#true} assume { :end_inline_setup_bob__role__Keys } true; {29870#true} is VALID [2022-02-20 18:06:16,120 INFO L290 TraceCheckUtils]: 73: Hoare triple {29870#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {30201#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:06:16,121 INFO L290 TraceCheckUtils]: 74: Hoare triple {30201#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {30205#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:06:16,121 INFO L272 TraceCheckUtils]: 75: Hoare triple {30205#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {29870#true} is VALID [2022-02-20 18:06:16,121 INFO L290 TraceCheckUtils]: 76: Hoare triple {29870#true} ~rjh___0 := #in~rjh___0; {30212#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} is VALID [2022-02-20 18:06:16,121 INFO L272 TraceCheckUtils]: 77: Hoare triple {30212#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} call setClientId(~rjh___0, ~rjh___0); {29870#true} is VALID [2022-02-20 18:06:16,122 INFO L290 TraceCheckUtils]: 78: Hoare triple {29870#true} ~handle := #in~handle;~value := #in~value; {30219#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:06:16,122 INFO L290 TraceCheckUtils]: 79: Hoare triple {30219#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30223#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:16,123 INFO L290 TraceCheckUtils]: 80: Hoare triple {30223#(<= |setClientId_#in~handle| 1)} assume true; {30223#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:06:16,123 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {30223#(<= |setClientId_#in~handle| 1)} {30212#(<= |setup_rjh__before__Keys_#in~rjh___0| setup_rjh__before__Keys_~rjh___0)} #1683#return; {30230#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:16,124 INFO L290 TraceCheckUtils]: 82: Hoare triple {30230#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} assume true; {30230#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} is VALID [2022-02-20 18:06:16,124 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {30230#(<= |setup_rjh__before__Keys_#in~rjh___0| 1)} {30205#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1755#return; {29871#false} is VALID [2022-02-20 18:06:16,124 INFO L272 TraceCheckUtils]: 84: Hoare triple {29871#false} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {29871#false} is VALID [2022-02-20 18:06:16,125 INFO L290 TraceCheckUtils]: 85: Hoare triple {29871#false} ~handle := #in~handle;~value := #in~value; {29871#false} is VALID [2022-02-20 18:06:16,125 INFO L290 TraceCheckUtils]: 86: Hoare triple {29871#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29871#false} is VALID [2022-02-20 18:06:16,125 INFO L290 TraceCheckUtils]: 87: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,125 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {29871#false} {29871#false} #1757#return; {29871#false} is VALID [2022-02-20 18:06:16,125 INFO L290 TraceCheckUtils]: 89: Hoare triple {29871#false} assume { :end_inline_setup_rjh__role__Keys } true; {29871#false} is VALID [2022-02-20 18:06:16,125 INFO L290 TraceCheckUtils]: 90: Hoare triple {29871#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {29871#false} is VALID [2022-02-20 18:06:16,125 INFO L290 TraceCheckUtils]: 91: Hoare triple {29871#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {29871#false} is VALID [2022-02-20 18:06:16,125 INFO L272 TraceCheckUtils]: 92: Hoare triple {29871#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {29871#false} is VALID [2022-02-20 18:06:16,143 INFO L290 TraceCheckUtils]: 93: Hoare triple {29871#false} ~chuck___0 := #in~chuck___0; {29871#false} is VALID [2022-02-20 18:06:16,143 INFO L272 TraceCheckUtils]: 94: Hoare triple {29871#false} call setClientId(~chuck___0, ~chuck___0); {29871#false} is VALID [2022-02-20 18:06:16,143 INFO L290 TraceCheckUtils]: 95: Hoare triple {29871#false} ~handle := #in~handle;~value := #in~value; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L290 TraceCheckUtils]: 96: Hoare triple {29871#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L290 TraceCheckUtils]: 97: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {29871#false} {29871#false} #1625#return; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L290 TraceCheckUtils]: 99: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29871#false} {29871#false} #1761#return; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L272 TraceCheckUtils]: 101: Hoare triple {29871#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L290 TraceCheckUtils]: 102: Hoare triple {29871#false} ~handle := #in~handle;~value := #in~value; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L290 TraceCheckUtils]: 103: Hoare triple {29871#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L290 TraceCheckUtils]: 104: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,144 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {29871#false} {29871#false} #1763#return; {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 106: Hoare triple {29871#false} assume { :end_inline_setup_chuck__role__Keys } true; {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 107: Hoare triple {29871#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 108: Hoare triple {29871#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 109: Hoare triple {29871#false} assume !false; {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 110: Hoare triple {29871#false} assume test_~splverifierCounter~0#1 < 4; {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 111: Hoare triple {29871#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 112: Hoare triple {29871#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 113: Hoare triple {29871#false} assume !(0 != test_~tmp___9~0#1); {29871#false} is VALID [2022-02-20 18:06:16,145 INFO L290 TraceCheckUtils]: 114: Hoare triple {29871#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {29871#false} is VALID [2022-02-20 18:06:16,146 INFO L290 TraceCheckUtils]: 115: Hoare triple {29871#false} assume 0 != test_~tmp___8~0#1; {29871#false} is VALID [2022-02-20 18:06:16,146 INFO L290 TraceCheckUtils]: 116: Hoare triple {29871#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {29871#false} is VALID [2022-02-20 18:06:16,146 INFO L290 TraceCheckUtils]: 117: Hoare triple {29871#false} test_~op2~0#1 := 1; {29871#false} is VALID [2022-02-20 18:06:16,146 INFO L290 TraceCheckUtils]: 118: Hoare triple {29871#false} assume !false; {29871#false} is VALID [2022-02-20 18:06:16,146 INFO L290 TraceCheckUtils]: 119: Hoare triple {29871#false} assume !(test_~splverifierCounter~0#1 < 4); {29871#false} is VALID [2022-02-20 18:06:16,146 INFO L290 TraceCheckUtils]: 120: Hoare triple {29871#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {29871#false} is VALID [2022-02-20 18:06:16,146 INFO L272 TraceCheckUtils]: 121: Hoare triple {29871#false} call sendEmail(~bob~0, ~rjh~0); {29871#false} is VALID [2022-02-20 18:06:16,146 INFO L290 TraceCheckUtils]: 122: Hoare triple {29871#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L272 TraceCheckUtils]: 123: Hoare triple {29871#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L290 TraceCheckUtils]: 124: Hoare triple {29871#false} ~handle := #in~handle;~value := #in~value; {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L290 TraceCheckUtils]: 125: Hoare triple {29871#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L290 TraceCheckUtils]: 126: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {29871#false} {29871#false} #1647#return; {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L272 TraceCheckUtils]: 128: Hoare triple {29871#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L290 TraceCheckUtils]: 129: Hoare triple {29871#false} ~handle := #in~handle;~value := #in~value; {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L290 TraceCheckUtils]: 130: Hoare triple {29871#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29871#false} is VALID [2022-02-20 18:06:16,147 INFO L290 TraceCheckUtils]: 131: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,148 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {29871#false} {29871#false} #1649#return; {29871#false} is VALID [2022-02-20 18:06:16,148 INFO L290 TraceCheckUtils]: 133: Hoare triple {29871#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {29871#false} is VALID [2022-02-20 18:06:16,148 INFO L290 TraceCheckUtils]: 134: Hoare triple {29871#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {29871#false} is VALID [2022-02-20 18:06:16,148 INFO L272 TraceCheckUtils]: 135: Hoare triple {29871#false} call outgoing(~sender#1, ~email~0#1); {29871#false} is VALID [2022-02-20 18:06:16,148 INFO L290 TraceCheckUtils]: 136: Hoare triple {29871#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29871#false} is VALID [2022-02-20 18:06:16,148 INFO L290 TraceCheckUtils]: 137: Hoare triple {29871#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {29871#false} is VALID [2022-02-20 18:06:16,148 INFO L272 TraceCheckUtils]: 138: Hoare triple {29871#false} call outgoing__before__Sign(~client#1, ~msg#1); {29871#false} is VALID [2022-02-20 18:06:16,148 INFO L290 TraceCheckUtils]: 139: Hoare triple {29871#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L290 TraceCheckUtils]: 140: Hoare triple {29871#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L272 TraceCheckUtils]: 141: Hoare triple {29871#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L290 TraceCheckUtils]: 142: Hoare triple {29871#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L290 TraceCheckUtils]: 143: Hoare triple {29871#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L272 TraceCheckUtils]: 144: Hoare triple {29871#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L290 TraceCheckUtils]: 145: Hoare triple {29871#false} ~handle := #in~handle;havoc ~retValue_acc~3; {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L290 TraceCheckUtils]: 146: Hoare triple {29871#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L290 TraceCheckUtils]: 147: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,149 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {29871#false} {29871#false} #1613#return; {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L290 TraceCheckUtils]: 149: Hoare triple {29871#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L272 TraceCheckUtils]: 150: Hoare triple {29871#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L290 TraceCheckUtils]: 151: Hoare triple {29871#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L290 TraceCheckUtils]: 152: Hoare triple {29871#false} assume 1 == ~handle; {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L290 TraceCheckUtils]: 153: Hoare triple {29871#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L290 TraceCheckUtils]: 154: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {29871#false} {29871#false} #1615#return; {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L290 TraceCheckUtils]: 156: Hoare triple {29871#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {29871#false} is VALID [2022-02-20 18:06:16,150 INFO L290 TraceCheckUtils]: 157: Hoare triple {29871#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L272 TraceCheckUtils]: 158: Hoare triple {29871#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L290 TraceCheckUtils]: 159: Hoare triple {29871#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L290 TraceCheckUtils]: 160: Hoare triple {29871#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L290 TraceCheckUtils]: 161: Hoare triple {29871#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L272 TraceCheckUtils]: 162: Hoare triple {29871#false} call setEmailFrom(~msg#1, ~tmp~2#1); {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L290 TraceCheckUtils]: 163: Hoare triple {29871#false} ~handle := #in~handle;~value := #in~value; {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L290 TraceCheckUtils]: 164: Hoare triple {29871#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L290 TraceCheckUtils]: 165: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {29871#false} {29871#false} #1659#return; {29871#false} is VALID [2022-02-20 18:06:16,151 INFO L290 TraceCheckUtils]: 167: Hoare triple {29871#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {29871#false} is VALID [2022-02-20 18:06:16,152 INFO L290 TraceCheckUtils]: 168: Hoare triple {29871#false} assume 0 != ~in_encrypted~0; {29871#false} is VALID [2022-02-20 18:06:16,152 INFO L272 TraceCheckUtils]: 169: Hoare triple {29871#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {29871#false} is VALID [2022-02-20 18:06:16,152 INFO L290 TraceCheckUtils]: 170: Hoare triple {29871#false} ~handle := #in~handle;havoc ~retValue_acc~6; {29871#false} is VALID [2022-02-20 18:06:16,152 INFO L290 TraceCheckUtils]: 171: Hoare triple {29871#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {29871#false} is VALID [2022-02-20 18:06:16,152 INFO L290 TraceCheckUtils]: 172: Hoare triple {29871#false} assume true; {29871#false} is VALID [2022-02-20 18:06:16,152 INFO L284 TraceCheckUtils]: 173: Hoare quadruple {29871#false} {29871#false} #1661#return; {29871#false} is VALID [2022-02-20 18:06:16,152 INFO L290 TraceCheckUtils]: 174: Hoare triple {29871#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {29871#false} is VALID [2022-02-20 18:06:16,152 INFO L290 TraceCheckUtils]: 175: Hoare triple {29871#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {29871#false} is VALID [2022-02-20 18:06:16,153 INFO L290 TraceCheckUtils]: 176: Hoare triple {29871#false} assume !false; {29871#false} is VALID [2022-02-20 18:06:16,153 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 18:06:16,154 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:16,154 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1054450855] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:16,154 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:06:16,154 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [12] total 18 [2022-02-20 18:06:16,154 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1315877073] [2022-02-20 18:06:16,154 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:16,155 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 18:06:16,155 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:16,156 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:06:16,292 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 156 edges. 156 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:16,293 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:06:16,293 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:16,293 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:06:16,294 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=267, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:06:16,294 INFO L87 Difference]: Start difference. First operand 684 states and 998 transitions. Second operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:06:19,026 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:19,026 INFO L93 Difference]: Finished difference Result 1315 states and 1933 transitions. [2022-02-20 18:06:19,026 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:06:19,026 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) Word has length 177 [2022-02-20 18:06:19,027 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:19,027 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:06:19,061 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1635 transitions. [2022-02-20 18:06:19,062 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:06:19,085 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 1635 transitions. [2022-02-20 18:06:19,085 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 1635 transitions. [2022-02-20 18:06:20,216 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1635 edges. 1635 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:20,246 INFO L225 Difference]: With dead ends: 1315 [2022-02-20 18:06:20,246 INFO L226 Difference]: Without dead ends: 686 [2022-02-20 18:06:20,272 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 231 GetRequests, 212 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=51, Invalid=369, Unknown=0, NotChecked=0, Total=420 [2022-02-20 18:06:20,273 INFO L933 BasicCegarLoop]: 837 mSDtfsCounter, 363 mSDsluCounter, 4613 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 44 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 365 SdHoareTripleChecker+Valid, 5450 SdHoareTripleChecker+Invalid, 119 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 44 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:20,274 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [365 Valid, 5450 Invalid, 119 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [44 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:20,275 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 686 states. [2022-02-20 18:06:20,433 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 686 to 686. [2022-02-20 18:06:20,433 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:20,434 INFO L82 GeneralOperation]: Start isEquivalent. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:06:20,435 INFO L74 IsIncluded]: Start isIncluded. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:06:20,457 INFO L87 Difference]: Start difference. First operand 686 states. Second operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:06:20,495 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:20,495 INFO L93 Difference]: Finished difference Result 686 states and 1001 transitions. [2022-02-20 18:06:20,495 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:06:20,497 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:20,497 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:20,498 INFO L74 IsIncluded]: Start isIncluded. First operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) Second operand 686 states. [2022-02-20 18:06:20,499 INFO L87 Difference]: Start difference. First operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) Second operand 686 states. [2022-02-20 18:06:20,531 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:20,547 INFO L93 Difference]: Finished difference Result 686 states and 1001 transitions. [2022-02-20 18:06:20,547 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:06:20,567 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:20,567 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:20,567 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:20,567 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:20,569 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 686 states, 523 states have (on average 1.4646271510516253) internal successors, (766), 535 states have internal predecessors, (766), 117 states have call successors, (117), 44 states have call predecessors, (117), 45 states have return successors, (118), 115 states have call predecessors, (118), 116 states have call successors, (118) [2022-02-20 18:06:20,594 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 686 states to 686 states and 1001 transitions. [2022-02-20 18:06:20,594 INFO L78 Accepts]: Start accepts. Automaton has 686 states and 1001 transitions. Word has length 177 [2022-02-20 18:06:20,594 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:20,595 INFO L470 AbstractCegarLoop]: Abstraction has 686 states and 1001 transitions. [2022-02-20 18:06:20,595 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 6 states have (on average 17.5) internal successors, (105), 8 states have internal predecessors, (105), 4 states have call successors, (28), 2 states have call predecessors, (28), 4 states have return successors, (23), 3 states have call predecessors, (23), 4 states have call successors, (23) [2022-02-20 18:06:20,595 INFO L276 IsEmpty]: Start isEmpty. Operand 686 states and 1001 transitions. [2022-02-20 18:06:20,597 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 179 [2022-02-20 18:06:20,597 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:20,597 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:20,626 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:20,813 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:06:20,814 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:20,814 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:20,815 INFO L85 PathProgramCache]: Analyzing trace with hash 555030901, now seen corresponding path program 1 times [2022-02-20 18:06:20,815 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:20,815 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [754652683] [2022-02-20 18:06:20,815 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:20,815 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:20,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,867 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:06:20,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,871 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:20,871 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,871 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34649#true} {34649#true} #1733#return; {34649#true} is VALID [2022-02-20 18:06:20,872 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:06:20,873 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,875 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:20,875 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,875 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34649#true} {34649#true} #1735#return; {34649#true} is VALID [2022-02-20 18:06:20,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:20,876 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:20,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,878 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34649#true} {34649#true} #1737#return; {34649#true} is VALID [2022-02-20 18:06:20,878 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:06:20,880 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,881 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:20,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,881 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34649#true} {34649#true} #1739#return; {34649#true} is VALID [2022-02-20 18:06:20,881 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:06:20,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:20,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,884 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34649#true} {34649#true} #1741#return; {34649#true} is VALID [2022-02-20 18:06:20,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:06:20,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,888 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:20,888 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,888 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34649#true} {34649#true} #1743#return; {34649#true} is VALID [2022-02-20 18:06:20,888 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:06:20,889 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,891 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:20,891 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,891 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34649#true} {34649#true} #1745#return; {34649#true} is VALID [2022-02-20 18:06:20,891 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:06:20,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,894 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:20,895 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,895 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34649#true} {34649#true} #1747#return; {34649#true} is VALID [2022-02-20 18:06:20,900 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:06:20,901 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:20,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,906 INFO L290 TraceCheckUtils]: 0: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:20,906 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:20,906 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,906 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34649#true} #1731#return; {34649#true} is VALID [2022-02-20 18:06:20,906 INFO L290 TraceCheckUtils]: 0: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {34649#true} is VALID [2022-02-20 18:06:20,907 INFO L272 TraceCheckUtils]: 1: Hoare triple {34649#true} call setClientId(~bob___0, ~bob___0); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:20,907 INFO L290 TraceCheckUtils]: 2: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:20,907 INFO L290 TraceCheckUtils]: 3: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:20,907 INFO L290 TraceCheckUtils]: 4: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,908 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34649#true} {34649#true} #1731#return; {34649#true} is VALID [2022-02-20 18:06:20,908 INFO L290 TraceCheckUtils]: 6: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,908 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {34649#true} {34649#true} #1749#return; {34649#true} is VALID [2022-02-20 18:06:20,913 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:06:20,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,916 INFO L290 TraceCheckUtils]: 0: Hoare triple {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:20,917 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:20,917 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,917 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34649#true} #1751#return; {34649#true} is VALID [2022-02-20 18:06:20,917 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:06:20,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,932 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:20,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,947 INFO L290 TraceCheckUtils]: 0: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34751#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:20,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {34751#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34751#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:20,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {34751#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34752#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:20,949 INFO L290 TraceCheckUtils]: 3: Hoare triple {34752#(= 2 |setClientId_#in~handle|)} assume true; {34752#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:20,949 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34752#(= 2 |setClientId_#in~handle|)} {34744#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:20,950 INFO L290 TraceCheckUtils]: 0: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {34744#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:20,951 INFO L272 TraceCheckUtils]: 1: Hoare triple {34744#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:20,951 INFO L290 TraceCheckUtils]: 2: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34751#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:20,951 INFO L290 TraceCheckUtils]: 3: Hoare triple {34751#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34751#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:20,952 INFO L290 TraceCheckUtils]: 4: Hoare triple {34751#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34752#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:20,952 INFO L290 TraceCheckUtils]: 5: Hoare triple {34752#(= 2 |setClientId_#in~handle|)} assume true; {34752#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:20,953 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34752#(= 2 |setClientId_#in~handle|)} {34744#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:20,953 INFO L290 TraceCheckUtils]: 7: Hoare triple {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:20,954 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {34649#true} #1755#return; {34696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:06:20,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:06:20,956 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34753#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:20,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {34753#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34754#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:06:20,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {34754#(= |setClientPrivateKey_#in~handle| 1)} assume true; {34754#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:06:20,974 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34754#(= |setClientPrivateKey_#in~handle| 1)} {34696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1757#return; {34650#false} is VALID [2022-02-20 18:06:20,974 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:06:20,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,978 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:06:20,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:20,981 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:20,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,981 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34649#true} #1625#return; {34649#true} is VALID [2022-02-20 18:06:20,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {34649#true} is VALID [2022-02-20 18:06:20,982 INFO L272 TraceCheckUtils]: 1: Hoare triple {34649#true} call setClientId(~chuck___0, ~chuck___0); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:20,982 INFO L290 TraceCheckUtils]: 2: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:20,982 INFO L290 TraceCheckUtils]: 3: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:20,982 INFO L290 TraceCheckUtils]: 4: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,983 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {34649#true} {34649#true} #1625#return; {34649#true} is VALID [2022-02-20 18:06:20,983 INFO L290 TraceCheckUtils]: 6: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,983 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {34649#true} {34650#false} #1761#return; {34650#false} is VALID [2022-02-20 18:06:20,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:06:20,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,986 INFO L290 TraceCheckUtils]: 0: Hoare triple {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:20,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:20,987 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,987 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34650#false} #1763#return; {34650#false} is VALID [2022-02-20 18:06:20,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:06:20,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {34759#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:20,998 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:20,998 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:20,998 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34650#false} #1647#return; {34650#false} is VALID [2022-02-20 18:06:21,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:06:21,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,013 INFO L290 TraceCheckUtils]: 0: Hoare triple {34760#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,014 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,014 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34650#false} #1649#return; {34650#false} is VALID [2022-02-20 18:06:21,014 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 145 [2022-02-20 18:06:21,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} ~handle := #in~handle;havoc ~retValue_acc~3; {34649#true} is VALID [2022-02-20 18:06:21,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {34649#true} is VALID [2022-02-20 18:06:21,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,017 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34650#false} #1613#return; {34650#false} is VALID [2022-02-20 18:06:21,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 151 [2022-02-20 18:06:21,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {34649#true} is VALID [2022-02-20 18:06:21,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle; {34649#true} is VALID [2022-02-20 18:06:21,021 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {34649#true} is VALID [2022-02-20 18:06:21,021 INFO L290 TraceCheckUtils]: 3: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,021 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {34649#true} {34650#false} #1615#return; {34650#false} is VALID [2022-02-20 18:06:21,021 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 163 [2022-02-20 18:06:21,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {34759#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,024 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,025 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34650#false} #1659#return; {34650#false} is VALID [2022-02-20 18:06:21,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 170 [2022-02-20 18:06:21,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} ~handle := #in~handle;havoc ~retValue_acc~6; {34649#true} is VALID [2022-02-20 18:06:21,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {34649#true} is VALID [2022-02-20 18:06:21,027 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {34649#true} {34650#false} #1661#return; {34650#false} is VALID [2022-02-20 18:06:21,028 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {34649#true} is VALID [2022-02-20 18:06:21,028 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {34649#true} is VALID [2022-02-20 18:06:21,028 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {34649#true} is VALID [2022-02-20 18:06:21,028 INFO L272 TraceCheckUtils]: 3: Hoare triple {34649#true} call select_features_#t~ret96#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,028 INFO L290 TraceCheckUtils]: 4: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,028 INFO L290 TraceCheckUtils]: 5: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,028 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34649#true} {34649#true} #1733#return; {34649#true} is VALID [2022-02-20 18:06:21,028 INFO L290 TraceCheckUtils]: 7: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L272 TraceCheckUtils]: 8: Hoare triple {34649#true} call select_features_#t~ret97#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L290 TraceCheckUtils]: 9: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L290 TraceCheckUtils]: 10: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {34649#true} {34649#true} #1735#return; {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L290 TraceCheckUtils]: 12: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L272 TraceCheckUtils]: 13: Hoare triple {34649#true} call select_features_#t~ret98#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L290 TraceCheckUtils]: 14: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L290 TraceCheckUtils]: 15: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34649#true} {34649#true} #1737#return; {34649#true} is VALID [2022-02-20 18:06:21,029 INFO L290 TraceCheckUtils]: 17: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L272 TraceCheckUtils]: 18: Hoare triple {34649#true} call select_features_#t~ret99#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L290 TraceCheckUtils]: 19: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L290 TraceCheckUtils]: 20: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34649#true} {34649#true} #1739#return; {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L290 TraceCheckUtils]: 22: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L272 TraceCheckUtils]: 23: Hoare triple {34649#true} call select_features_#t~ret100#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L290 TraceCheckUtils]: 24: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L290 TraceCheckUtils]: 25: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,030 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {34649#true} {34649#true} #1741#return; {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L290 TraceCheckUtils]: 27: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L272 TraceCheckUtils]: 28: Hoare triple {34649#true} call select_features_#t~ret101#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L290 TraceCheckUtils]: 29: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L290 TraceCheckUtils]: 30: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {34649#true} {34649#true} #1743#return; {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L290 TraceCheckUtils]: 32: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L272 TraceCheckUtils]: 33: Hoare triple {34649#true} call select_features_#t~ret102#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L290 TraceCheckUtils]: 34: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,031 INFO L290 TraceCheckUtils]: 35: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {34649#true} {34649#true} #1745#return; {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L290 TraceCheckUtils]: 37: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L272 TraceCheckUtils]: 38: Hoare triple {34649#true} call select_features_#t~ret103#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L290 TraceCheckUtils]: 39: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L290 TraceCheckUtils]: 40: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {34649#true} {34649#true} #1747#return; {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L290 TraceCheckUtils]: 42: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L290 TraceCheckUtils]: 43: Hoare triple {34649#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {34649#true} is VALID [2022-02-20 18:06:21,032 INFO L290 TraceCheckUtils]: 44: Hoare triple {34649#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 45: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 46: Hoare triple {34649#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 47: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 48: Hoare triple {34649#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 49: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 50: Hoare triple {34649#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 51: Hoare triple {34649#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 52: Hoare triple {34649#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34649#true} is VALID [2022-02-20 18:06:21,033 INFO L290 TraceCheckUtils]: 53: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {34649#true} is VALID [2022-02-20 18:06:21,034 INFO L290 TraceCheckUtils]: 54: Hoare triple {34649#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {34649#true} is VALID [2022-02-20 18:06:21,034 INFO L290 TraceCheckUtils]: 55: Hoare triple {34649#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {34649#true} is VALID [2022-02-20 18:06:21,034 INFO L290 TraceCheckUtils]: 56: Hoare triple {34649#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34649#true} is VALID [2022-02-20 18:06:21,034 INFO L290 TraceCheckUtils]: 57: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {34649#true} is VALID [2022-02-20 18:06:21,035 INFO L272 TraceCheckUtils]: 58: Hoare triple {34649#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:21,035 INFO L290 TraceCheckUtils]: 59: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~bob___0 := #in~bob___0; {34649#true} is VALID [2022-02-20 18:06:21,035 INFO L272 TraceCheckUtils]: 60: Hoare triple {34649#true} call setClientId(~bob___0, ~bob___0); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:21,035 INFO L290 TraceCheckUtils]: 61: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,036 INFO L290 TraceCheckUtils]: 62: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,036 INFO L290 TraceCheckUtils]: 63: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,036 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {34649#true} {34649#true} #1731#return; {34649#true} is VALID [2022-02-20 18:06:21,036 INFO L290 TraceCheckUtils]: 65: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,036 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {34649#true} {34649#true} #1749#return; {34649#true} is VALID [2022-02-20 18:06:21,037 INFO L272 TraceCheckUtils]: 67: Hoare triple {34649#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:21,037 INFO L290 TraceCheckUtils]: 68: Hoare triple {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,037 INFO L290 TraceCheckUtils]: 69: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,037 INFO L290 TraceCheckUtils]: 70: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,037 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {34649#true} {34649#true} #1751#return; {34649#true} is VALID [2022-02-20 18:06:21,037 INFO L290 TraceCheckUtils]: 72: Hoare triple {34649#true} assume { :end_inline_setup_bob__role__Keys } true; {34649#true} is VALID [2022-02-20 18:06:21,037 INFO L290 TraceCheckUtils]: 73: Hoare triple {34649#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {34649#true} is VALID [2022-02-20 18:06:21,038 INFO L290 TraceCheckUtils]: 74: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {34649#true} is VALID [2022-02-20 18:06:21,038 INFO L272 TraceCheckUtils]: 75: Hoare triple {34649#true} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:21,039 INFO L290 TraceCheckUtils]: 76: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~rjh___0 := #in~rjh___0; {34744#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:21,039 INFO L272 TraceCheckUtils]: 77: Hoare triple {34744#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} call setClientId(~rjh___0, ~rjh___0); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:21,040 INFO L290 TraceCheckUtils]: 78: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34751#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:21,040 INFO L290 TraceCheckUtils]: 79: Hoare triple {34751#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {34751#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:21,040 INFO L290 TraceCheckUtils]: 80: Hoare triple {34751#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34752#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:21,041 INFO L290 TraceCheckUtils]: 81: Hoare triple {34752#(= 2 |setClientId_#in~handle|)} assume true; {34752#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:06:21,041 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34752#(= 2 |setClientId_#in~handle|)} {34744#(= setup_rjh__before__Keys_~rjh___0 |setup_rjh__before__Keys_#in~rjh___0|)} #1683#return; {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:21,042 INFO L290 TraceCheckUtils]: 83: Hoare triple {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} assume true; {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} is VALID [2022-02-20 18:06:21,042 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {34750#(= 2 |setup_rjh__before__Keys_#in~rjh___0|)} {34649#true} #1755#return; {34696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} is VALID [2022-02-20 18:06:21,043 INFO L272 TraceCheckUtils]: 85: Hoare triple {34696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:21,043 INFO L290 TraceCheckUtils]: 86: Hoare triple {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34753#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:06:21,043 INFO L290 TraceCheckUtils]: 87: Hoare triple {34753#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34754#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:06:21,044 INFO L290 TraceCheckUtils]: 88: Hoare triple {34754#(= |setClientPrivateKey_#in~handle| 1)} assume true; {34754#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:06:21,044 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {34754#(= |setClientPrivateKey_#in~handle| 1)} {34696#(not (= |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1| 1))} #1757#return; {34650#false} is VALID [2022-02-20 18:06:21,044 INFO L290 TraceCheckUtils]: 90: Hoare triple {34650#false} assume { :end_inline_setup_rjh__role__Keys } true; {34650#false} is VALID [2022-02-20 18:06:21,044 INFO L290 TraceCheckUtils]: 91: Hoare triple {34650#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34650#false} is VALID [2022-02-20 18:06:21,044 INFO L290 TraceCheckUtils]: 92: Hoare triple {34650#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {34650#false} is VALID [2022-02-20 18:06:21,044 INFO L272 TraceCheckUtils]: 93: Hoare triple {34650#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:21,045 INFO L290 TraceCheckUtils]: 94: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~chuck___0 := #in~chuck___0; {34649#true} is VALID [2022-02-20 18:06:21,045 INFO L272 TraceCheckUtils]: 95: Hoare triple {34649#true} call setClientId(~chuck___0, ~chuck___0); {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:06:21,045 INFO L290 TraceCheckUtils]: 96: Hoare triple {34738#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,045 INFO L290 TraceCheckUtils]: 97: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,045 INFO L290 TraceCheckUtils]: 98: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,046 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34649#true} {34649#true} #1625#return; {34649#true} is VALID [2022-02-20 18:06:21,046 INFO L290 TraceCheckUtils]: 100: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,046 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {34649#true} {34650#false} #1761#return; {34650#false} is VALID [2022-02-20 18:06:21,046 INFO L272 TraceCheckUtils]: 102: Hoare triple {34650#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:06:21,046 INFO L290 TraceCheckUtils]: 103: Hoare triple {34743#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,046 INFO L290 TraceCheckUtils]: 104: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,046 INFO L290 TraceCheckUtils]: 105: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,046 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34649#true} {34650#false} #1763#return; {34650#false} is VALID [2022-02-20 18:06:21,046 INFO L290 TraceCheckUtils]: 107: Hoare triple {34650#false} assume { :end_inline_setup_chuck__role__Keys } true; {34650#false} is VALID [2022-02-20 18:06:21,046 INFO L290 TraceCheckUtils]: 108: Hoare triple {34650#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 109: Hoare triple {34650#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 110: Hoare triple {34650#false} assume !false; {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 111: Hoare triple {34650#false} assume test_~splverifierCounter~0#1 < 4; {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 112: Hoare triple {34650#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 113: Hoare triple {34650#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 114: Hoare triple {34650#false} assume !(0 != test_~tmp___9~0#1); {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 115: Hoare triple {34650#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 116: Hoare triple {34650#false} assume 0 != test_~tmp___8~0#1; {34650#false} is VALID [2022-02-20 18:06:21,047 INFO L290 TraceCheckUtils]: 117: Hoare triple {34650#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {34650#false} is VALID [2022-02-20 18:06:21,048 INFO L290 TraceCheckUtils]: 118: Hoare triple {34650#false} test_~op2~0#1 := 1; {34650#false} is VALID [2022-02-20 18:06:21,048 INFO L290 TraceCheckUtils]: 119: Hoare triple {34650#false} assume !false; {34650#false} is VALID [2022-02-20 18:06:21,048 INFO L290 TraceCheckUtils]: 120: Hoare triple {34650#false} assume !(test_~splverifierCounter~0#1 < 4); {34650#false} is VALID [2022-02-20 18:06:21,048 INFO L290 TraceCheckUtils]: 121: Hoare triple {34650#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {34650#false} is VALID [2022-02-20 18:06:21,048 INFO L272 TraceCheckUtils]: 122: Hoare triple {34650#false} call sendEmail(~bob~0, ~rjh~0); {34650#false} is VALID [2022-02-20 18:06:21,048 INFO L290 TraceCheckUtils]: 123: Hoare triple {34650#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34650#false} is VALID [2022-02-20 18:06:21,048 INFO L272 TraceCheckUtils]: 124: Hoare triple {34650#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34759#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:21,048 INFO L290 TraceCheckUtils]: 125: Hoare triple {34759#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,048 INFO L290 TraceCheckUtils]: 126: Hoare triple {34649#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,049 INFO L290 TraceCheckUtils]: 127: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,049 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {34649#true} {34650#false} #1647#return; {34650#false} is VALID [2022-02-20 18:06:21,049 INFO L272 TraceCheckUtils]: 129: Hoare triple {34650#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34760#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:06:21,049 INFO L290 TraceCheckUtils]: 130: Hoare triple {34760#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,049 INFO L290 TraceCheckUtils]: 131: Hoare triple {34649#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,049 INFO L290 TraceCheckUtils]: 132: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,049 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {34649#true} {34650#false} #1649#return; {34650#false} is VALID [2022-02-20 18:06:21,049 INFO L290 TraceCheckUtils]: 134: Hoare triple {34650#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {34650#false} is VALID [2022-02-20 18:06:21,050 INFO L290 TraceCheckUtils]: 135: Hoare triple {34650#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {34650#false} is VALID [2022-02-20 18:06:21,050 INFO L272 TraceCheckUtils]: 136: Hoare triple {34650#false} call outgoing(~sender#1, ~email~0#1); {34650#false} is VALID [2022-02-20 18:06:21,050 INFO L290 TraceCheckUtils]: 137: Hoare triple {34650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34650#false} is VALID [2022-02-20 18:06:21,050 INFO L290 TraceCheckUtils]: 138: Hoare triple {34650#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {34650#false} is VALID [2022-02-20 18:06:21,050 INFO L272 TraceCheckUtils]: 139: Hoare triple {34650#false} call outgoing__before__Sign(~client#1, ~msg#1); {34650#false} is VALID [2022-02-20 18:06:21,050 INFO L290 TraceCheckUtils]: 140: Hoare triple {34650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34650#false} is VALID [2022-02-20 18:06:21,050 INFO L290 TraceCheckUtils]: 141: Hoare triple {34650#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {34650#false} is VALID [2022-02-20 18:06:21,050 INFO L272 TraceCheckUtils]: 142: Hoare triple {34650#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {34650#false} is VALID [2022-02-20 18:06:21,051 INFO L290 TraceCheckUtils]: 143: Hoare triple {34650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34650#false} is VALID [2022-02-20 18:06:21,051 INFO L290 TraceCheckUtils]: 144: Hoare triple {34650#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {34650#false} is VALID [2022-02-20 18:06:21,051 INFO L272 TraceCheckUtils]: 145: Hoare triple {34650#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {34649#true} is VALID [2022-02-20 18:06:21,051 INFO L290 TraceCheckUtils]: 146: Hoare triple {34649#true} ~handle := #in~handle;havoc ~retValue_acc~3; {34649#true} is VALID [2022-02-20 18:06:21,051 INFO L290 TraceCheckUtils]: 147: Hoare triple {34649#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {34649#true} is VALID [2022-02-20 18:06:21,051 INFO L290 TraceCheckUtils]: 148: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,051 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {34649#true} {34650#false} #1613#return; {34650#false} is VALID [2022-02-20 18:06:21,052 INFO L290 TraceCheckUtils]: 150: Hoare triple {34650#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {34650#false} is VALID [2022-02-20 18:06:21,052 INFO L272 TraceCheckUtils]: 151: Hoare triple {34650#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {34649#true} is VALID [2022-02-20 18:06:21,052 INFO L290 TraceCheckUtils]: 152: Hoare triple {34649#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {34649#true} is VALID [2022-02-20 18:06:21,052 INFO L290 TraceCheckUtils]: 153: Hoare triple {34649#true} assume 1 == ~handle; {34649#true} is VALID [2022-02-20 18:06:21,052 INFO L290 TraceCheckUtils]: 154: Hoare triple {34649#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {34649#true} is VALID [2022-02-20 18:06:21,052 INFO L290 TraceCheckUtils]: 155: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,052 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {34649#true} {34650#false} #1615#return; {34650#false} is VALID [2022-02-20 18:06:21,052 INFO L290 TraceCheckUtils]: 157: Hoare triple {34650#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {34650#false} is VALID [2022-02-20 18:06:21,053 INFO L290 TraceCheckUtils]: 158: Hoare triple {34650#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {34650#false} is VALID [2022-02-20 18:06:21,053 INFO L272 TraceCheckUtils]: 159: Hoare triple {34650#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {34650#false} is VALID [2022-02-20 18:06:21,053 INFO L290 TraceCheckUtils]: 160: Hoare triple {34650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {34650#false} is VALID [2022-02-20 18:06:21,053 INFO L290 TraceCheckUtils]: 161: Hoare triple {34650#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {34650#false} is VALID [2022-02-20 18:06:21,053 INFO L290 TraceCheckUtils]: 162: Hoare triple {34650#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {34650#false} is VALID [2022-02-20 18:06:21,053 INFO L272 TraceCheckUtils]: 163: Hoare triple {34650#false} call setEmailFrom(~msg#1, ~tmp~2#1); {34759#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:06:21,053 INFO L290 TraceCheckUtils]: 164: Hoare triple {34759#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,054 INFO L290 TraceCheckUtils]: 165: Hoare triple {34649#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,054 INFO L290 TraceCheckUtils]: 166: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,054 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {34649#true} {34650#false} #1659#return; {34650#false} is VALID [2022-02-20 18:06:21,054 INFO L290 TraceCheckUtils]: 168: Hoare triple {34650#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {34650#false} is VALID [2022-02-20 18:06:21,054 INFO L290 TraceCheckUtils]: 169: Hoare triple {34650#false} assume 0 != ~in_encrypted~0; {34650#false} is VALID [2022-02-20 18:06:21,054 INFO L272 TraceCheckUtils]: 170: Hoare triple {34650#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {34649#true} is VALID [2022-02-20 18:06:21,054 INFO L290 TraceCheckUtils]: 171: Hoare triple {34649#true} ~handle := #in~handle;havoc ~retValue_acc~6; {34649#true} is VALID [2022-02-20 18:06:21,054 INFO L290 TraceCheckUtils]: 172: Hoare triple {34649#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {34649#true} is VALID [2022-02-20 18:06:21,055 INFO L290 TraceCheckUtils]: 173: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,055 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {34649#true} {34650#false} #1661#return; {34650#false} is VALID [2022-02-20 18:06:21,055 INFO L290 TraceCheckUtils]: 175: Hoare triple {34650#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {34650#false} is VALID [2022-02-20 18:06:21,055 INFO L290 TraceCheckUtils]: 176: Hoare triple {34650#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {34650#false} is VALID [2022-02-20 18:06:21,055 INFO L290 TraceCheckUtils]: 177: Hoare triple {34650#false} assume !false; {34650#false} is VALID [2022-02-20 18:06:21,056 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 102 trivial. 0 not checked. [2022-02-20 18:06:21,056 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:21,056 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [754652683] [2022-02-20 18:06:21,056 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [754652683] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:06:21,056 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [600605838] [2022-02-20 18:06:21,056 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:21,057 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:06:21,057 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:21,065 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:06:21,066 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:06:21,337 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,342 INFO L263 TraceCheckSpWp]: Trace formula consists of 1475 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:06:21,406 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,410 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:21,908 INFO L290 TraceCheckUtils]: 0: Hoare triple {34649#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(35, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(21, 10);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(17, 32);call #Ultimate.allocInit(13, 33);call #Ultimate.allocInit(17, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(12, 36);call #Ultimate.allocInit(10, 37);call #Ultimate.allocInit(18, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(21, 40);call #Ultimate.allocInit(13, 41);call #Ultimate.allocInit(16, 42);call #Ultimate.allocInit(25, 43);call #Ultimate.allocInit(4, 44);call write~init~int(37, 44, 0, 1);call write~init~int(115, 44, 1, 1);call write~init~int(10, 44, 2, 1);call write~init~int(0, 44, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~in_encrypted~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {34649#true} is VALID [2022-02-20 18:06:21,909 INFO L290 TraceCheckUtils]: 1: Hoare triple {34649#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret54#1, main_~retValue_acc~16#1, main_~tmp~14#1;havoc main_~retValue_acc~16#1;havoc main_~tmp~14#1;assume { :begin_inline_select_helpers } true;~__GUIDSL_ROOT_PRODUCTION~0 := 1; {34649#true} is VALID [2022-02-20 18:06:21,909 INFO L290 TraceCheckUtils]: 2: Hoare triple {34649#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true;havoc select_features_#t~ret96#1, select_features_#t~ret97#1, select_features_#t~ret98#1, select_features_#t~ret99#1, select_features_#t~ret100#1, select_features_#t~ret101#1, select_features_#t~ret102#1, select_features_#t~ret103#1; {34649#true} is VALID [2022-02-20 18:06:21,909 INFO L272 TraceCheckUtils]: 3: Hoare triple {34649#true} call select_features_#t~ret96#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,909 INFO L290 TraceCheckUtils]: 4: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,909 INFO L290 TraceCheckUtils]: 5: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,909 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {34649#true} {34649#true} #1733#return; {34649#true} is VALID [2022-02-20 18:06:21,909 INFO L290 TraceCheckUtils]: 7: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret96#1 && select_features_#t~ret96#1 <= 2147483647;~__SELECTED_FEATURE_Base~0 := select_features_#t~ret96#1;havoc select_features_#t~ret96#1; {34649#true} is VALID [2022-02-20 18:06:21,910 INFO L272 TraceCheckUtils]: 8: Hoare triple {34649#true} call select_features_#t~ret97#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,910 INFO L290 TraceCheckUtils]: 9: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,910 INFO L290 TraceCheckUtils]: 10: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,910 INFO L284 TraceCheckUtils]: 11: Hoare quadruple {34649#true} {34649#true} #1735#return; {34649#true} is VALID [2022-02-20 18:06:21,910 INFO L290 TraceCheckUtils]: 12: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret97#1 && select_features_#t~ret97#1 <= 2147483647;~__SELECTED_FEATURE_Keys~0 := select_features_#t~ret97#1;havoc select_features_#t~ret97#1;~__SELECTED_FEATURE_Encrypt~0 := 1; {34649#true} is VALID [2022-02-20 18:06:21,910 INFO L272 TraceCheckUtils]: 13: Hoare triple {34649#true} call select_features_#t~ret98#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,910 INFO L290 TraceCheckUtils]: 14: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,911 INFO L290 TraceCheckUtils]: 15: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,911 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {34649#true} {34649#true} #1737#return; {34649#true} is VALID [2022-02-20 18:06:21,911 INFO L290 TraceCheckUtils]: 17: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret98#1 && select_features_#t~ret98#1 <= 2147483647;~__SELECTED_FEATURE_AutoResponder~0 := select_features_#t~ret98#1;havoc select_features_#t~ret98#1; {34649#true} is VALID [2022-02-20 18:06:21,911 INFO L272 TraceCheckUtils]: 18: Hoare triple {34649#true} call select_features_#t~ret99#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,911 INFO L290 TraceCheckUtils]: 19: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,911 INFO L290 TraceCheckUtils]: 20: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,911 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34649#true} {34649#true} #1739#return; {34649#true} is VALID [2022-02-20 18:06:21,912 INFO L290 TraceCheckUtils]: 22: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret99#1 && select_features_#t~ret99#1 <= 2147483647;~__SELECTED_FEATURE_AddressBook~0 := select_features_#t~ret99#1;havoc select_features_#t~ret99#1; {34649#true} is VALID [2022-02-20 18:06:21,912 INFO L272 TraceCheckUtils]: 23: Hoare triple {34649#true} call select_features_#t~ret100#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,912 INFO L290 TraceCheckUtils]: 24: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,912 INFO L290 TraceCheckUtils]: 25: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,912 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {34649#true} {34649#true} #1741#return; {34649#true} is VALID [2022-02-20 18:06:21,912 INFO L290 TraceCheckUtils]: 27: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret100#1 && select_features_#t~ret100#1 <= 2147483647;~__SELECTED_FEATURE_Sign~0 := select_features_#t~ret100#1;havoc select_features_#t~ret100#1; {34649#true} is VALID [2022-02-20 18:06:21,912 INFO L272 TraceCheckUtils]: 28: Hoare triple {34649#true} call select_features_#t~ret101#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,912 INFO L290 TraceCheckUtils]: 29: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,913 INFO L290 TraceCheckUtils]: 30: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,913 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {34649#true} {34649#true} #1743#return; {34649#true} is VALID [2022-02-20 18:06:21,913 INFO L290 TraceCheckUtils]: 32: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret101#1 && select_features_#t~ret101#1 <= 2147483647;~__SELECTED_FEATURE_Forward~0 := select_features_#t~ret101#1;havoc select_features_#t~ret101#1; {34649#true} is VALID [2022-02-20 18:06:21,913 INFO L272 TraceCheckUtils]: 33: Hoare triple {34649#true} call select_features_#t~ret102#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,913 INFO L290 TraceCheckUtils]: 34: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,913 INFO L290 TraceCheckUtils]: 35: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,913 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {34649#true} {34649#true} #1745#return; {34649#true} is VALID [2022-02-20 18:06:21,913 INFO L290 TraceCheckUtils]: 37: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret102#1 && select_features_#t~ret102#1 <= 2147483647;~__SELECTED_FEATURE_Verify~0 := select_features_#t~ret102#1;havoc select_features_#t~ret102#1; {34649#true} is VALID [2022-02-20 18:06:21,914 INFO L272 TraceCheckUtils]: 38: Hoare triple {34649#true} call select_features_#t~ret103#1 := select_one(); {34649#true} is VALID [2022-02-20 18:06:21,914 INFO L290 TraceCheckUtils]: 39: Hoare triple {34649#true} havoc ~retValue_acc~20;assume -2147483648 <= #t~nondet95 && #t~nondet95 <= 2147483647;~choice~0 := #t~nondet95;havoc #t~nondet95;~retValue_acc~20 := ~choice~0;#res := ~retValue_acc~20; {34649#true} is VALID [2022-02-20 18:06:21,914 INFO L290 TraceCheckUtils]: 40: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,914 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {34649#true} {34649#true} #1747#return; {34649#true} is VALID [2022-02-20 18:06:21,914 INFO L290 TraceCheckUtils]: 42: Hoare triple {34649#true} assume -2147483648 <= select_features_#t~ret103#1 && select_features_#t~ret103#1 <= 2147483647;~__SELECTED_FEATURE_Decrypt~0 := select_features_#t~ret103#1;havoc select_features_#t~ret103#1; {34649#true} is VALID [2022-02-20 18:06:21,914 INFO L290 TraceCheckUtils]: 43: Hoare triple {34649#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1, valid_product_~tmp~20#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~tmp~20#1; {34649#true} is VALID [2022-02-20 18:06:21,914 INFO L290 TraceCheckUtils]: 44: Hoare triple {34649#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34649#true} is VALID [2022-02-20 18:06:21,915 INFO L290 TraceCheckUtils]: 45: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Decrypt~0; {34649#true} is VALID [2022-02-20 18:06:21,915 INFO L290 TraceCheckUtils]: 46: Hoare triple {34649#true} assume !(0 == ~__SELECTED_FEATURE_Decrypt~0); {34649#true} is VALID [2022-02-20 18:06:21,915 INFO L290 TraceCheckUtils]: 47: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Encrypt~0; {34649#true} is VALID [2022-02-20 18:06:21,915 INFO L290 TraceCheckUtils]: 48: Hoare triple {34649#true} assume !(0 == ~__SELECTED_FEATURE_Encrypt~0); {34649#true} is VALID [2022-02-20 18:06:21,915 INFO L290 TraceCheckUtils]: 49: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0; {34649#true} is VALID [2022-02-20 18:06:21,915 INFO L290 TraceCheckUtils]: 50: Hoare triple {34649#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34649#true} is VALID [2022-02-20 18:06:21,915 INFO L290 TraceCheckUtils]: 51: Hoare triple {34649#true} assume 0 == ~__SELECTED_FEATURE_Verify~0; {34649#true} is VALID [2022-02-20 18:06:21,916 INFO L290 TraceCheckUtils]: 52: Hoare triple {34649#true} assume 0 == ~__SELECTED_FEATURE_Sign~0; {34649#true} is VALID [2022-02-20 18:06:21,916 INFO L290 TraceCheckUtils]: 53: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Base~0;valid_product_~tmp~20#1 := 1; {34649#true} is VALID [2022-02-20 18:06:21,916 INFO L290 TraceCheckUtils]: 54: Hoare triple {34649#true} valid_product_~retValue_acc~21#1 := valid_product_~tmp~20#1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {34649#true} is VALID [2022-02-20 18:06:21,916 INFO L290 TraceCheckUtils]: 55: Hoare triple {34649#true} main_#t~ret54#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret54#1 && main_#t~ret54#1 <= 2147483647;main_~tmp~14#1 := main_#t~ret54#1;havoc main_#t~ret54#1; {34649#true} is VALID [2022-02-20 18:06:21,916 INFO L290 TraceCheckUtils]: 56: Hoare triple {34649#true} assume 0 != main_~tmp~14#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet51#1, setup_#t~nondet52#1, setup_#t~nondet53#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1; {34649#true} is VALID [2022-02-20 18:06:21,916 INFO L290 TraceCheckUtils]: 57: Hoare triple {34649#true} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_bob__role__Keys } true;setup_bob__role__Keys_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__role__Keys_~bob___0#1;setup_bob__role__Keys_~bob___0#1 := setup_bob__role__Keys_#in~bob___0#1; {34649#true} is VALID [2022-02-20 18:06:21,916 INFO L272 TraceCheckUtils]: 58: Hoare triple {34649#true} call setup_bob__before__Keys(setup_bob__role__Keys_~bob___0#1); {34649#true} is VALID [2022-02-20 18:06:21,916 INFO L290 TraceCheckUtils]: 59: Hoare triple {34649#true} ~bob___0 := #in~bob___0; {34649#true} is VALID [2022-02-20 18:06:21,917 INFO L272 TraceCheckUtils]: 60: Hoare triple {34649#true} call setClientId(~bob___0, ~bob___0); {34649#true} is VALID [2022-02-20 18:06:21,917 INFO L290 TraceCheckUtils]: 61: Hoare triple {34649#true} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,917 INFO L290 TraceCheckUtils]: 62: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,917 INFO L290 TraceCheckUtils]: 63: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,917 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {34649#true} {34649#true} #1731#return; {34649#true} is VALID [2022-02-20 18:06:21,917 INFO L290 TraceCheckUtils]: 65: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,917 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {34649#true} {34649#true} #1749#return; {34649#true} is VALID [2022-02-20 18:06:21,918 INFO L272 TraceCheckUtils]: 67: Hoare triple {34649#true} call setClientPrivateKey(setup_bob__role__Keys_~bob___0#1, 123); {34649#true} is VALID [2022-02-20 18:06:21,918 INFO L290 TraceCheckUtils]: 68: Hoare triple {34649#true} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,918 INFO L290 TraceCheckUtils]: 69: Hoare triple {34649#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,918 INFO L290 TraceCheckUtils]: 70: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,918 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {34649#true} {34649#true} #1751#return; {34649#true} is VALID [2022-02-20 18:06:21,918 INFO L290 TraceCheckUtils]: 72: Hoare triple {34649#true} assume { :end_inline_setup_bob__role__Keys } true; {34649#true} is VALID [2022-02-20 18:06:21,919 INFO L290 TraceCheckUtils]: 73: Hoare triple {34649#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet51#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1; {34983#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:06:21,919 INFO L290 TraceCheckUtils]: 74: Hoare triple {34983#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_rjh__role__Keys } true;setup_rjh__role__Keys_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__role__Keys_~rjh___0#1;setup_rjh__role__Keys_~rjh___0#1 := setup_rjh__role__Keys_#in~rjh___0#1; {34987#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:06:21,919 INFO L272 TraceCheckUtils]: 75: Hoare triple {34987#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setup_rjh__before__Keys(setup_rjh__role__Keys_~rjh___0#1); {34649#true} is VALID [2022-02-20 18:06:21,919 INFO L290 TraceCheckUtils]: 76: Hoare triple {34649#true} ~rjh___0 := #in~rjh___0; {34649#true} is VALID [2022-02-20 18:06:21,920 INFO L272 TraceCheckUtils]: 77: Hoare triple {34649#true} call setClientId(~rjh___0, ~rjh___0); {34649#true} is VALID [2022-02-20 18:06:21,920 INFO L290 TraceCheckUtils]: 78: Hoare triple {34649#true} ~handle := #in~handle;~value := #in~value; {34649#true} is VALID [2022-02-20 18:06:21,920 INFO L290 TraceCheckUtils]: 79: Hoare triple {34649#true} assume !(1 == ~handle); {34649#true} is VALID [2022-02-20 18:06:21,920 INFO L290 TraceCheckUtils]: 80: Hoare triple {34649#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {34649#true} is VALID [2022-02-20 18:06:21,920 INFO L290 TraceCheckUtils]: 81: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,920 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {34649#true} {34649#true} #1683#return; {34649#true} is VALID [2022-02-20 18:06:21,920 INFO L290 TraceCheckUtils]: 83: Hoare triple {34649#true} assume true; {34649#true} is VALID [2022-02-20 18:06:21,921 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {34649#true} {34987#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1755#return; {34987#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} is VALID [2022-02-20 18:06:21,921 INFO L272 TraceCheckUtils]: 85: Hoare triple {34987#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} call setClientPrivateKey(setup_rjh__role__Keys_~rjh___0#1, 456); {34649#true} is VALID [2022-02-20 18:06:21,921 INFO L290 TraceCheckUtils]: 86: Hoare triple {34649#true} ~handle := #in~handle;~value := #in~value; {35024#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:06:21,921 INFO L290 TraceCheckUtils]: 87: Hoare triple {35024#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35028#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:06:21,922 INFO L290 TraceCheckUtils]: 88: Hoare triple {35028#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {35028#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:06:21,922 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {35028#(<= |setClientPrivateKey_#in~handle| 1)} {34987#(<= 2 |ULTIMATE.start_setup_rjh__role__Keys_~rjh___0#1|)} #1757#return; {34650#false} is VALID [2022-02-20 18:06:21,922 INFO L290 TraceCheckUtils]: 90: Hoare triple {34650#false} assume { :end_inline_setup_rjh__role__Keys } true; {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L290 TraceCheckUtils]: 91: Hoare triple {34650#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet52#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1; {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L290 TraceCheckUtils]: 92: Hoare triple {34650#false} assume 0 != ~__SELECTED_FEATURE_Keys~0;assume { :begin_inline_setup_chuck__role__Keys } true;setup_chuck__role__Keys_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__role__Keys_~chuck___0#1;setup_chuck__role__Keys_~chuck___0#1 := setup_chuck__role__Keys_#in~chuck___0#1; {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L272 TraceCheckUtils]: 93: Hoare triple {34650#false} call setup_chuck__before__Keys(setup_chuck__role__Keys_~chuck___0#1); {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L290 TraceCheckUtils]: 94: Hoare triple {34650#false} ~chuck___0 := #in~chuck___0; {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L272 TraceCheckUtils]: 95: Hoare triple {34650#false} call setClientId(~chuck___0, ~chuck___0); {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L290 TraceCheckUtils]: 96: Hoare triple {34650#false} ~handle := #in~handle;~value := #in~value; {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L290 TraceCheckUtils]: 97: Hoare triple {34650#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L290 TraceCheckUtils]: 98: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,923 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {34650#false} {34650#false} #1625#return; {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L290 TraceCheckUtils]: 100: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {34650#false} {34650#false} #1761#return; {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L272 TraceCheckUtils]: 102: Hoare triple {34650#false} call setClientPrivateKey(setup_chuck__role__Keys_~chuck___0#1, 789); {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L290 TraceCheckUtils]: 103: Hoare triple {34650#false} ~handle := #in~handle;~value := #in~value; {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L290 TraceCheckUtils]: 104: Hoare triple {34650#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L290 TraceCheckUtils]: 105: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {34650#false} {34650#false} #1763#return; {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L290 TraceCheckUtils]: 107: Hoare triple {34650#false} assume { :end_inline_setup_chuck__role__Keys } true; {34650#false} is VALID [2022-02-20 18:06:21,924 INFO L290 TraceCheckUtils]: 108: Hoare triple {34650#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~2#1.base, setup_~__cil_tmp3~2#1.offset := 15, 0;havoc setup_#t~nondet53#1; {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 109: Hoare triple {34650#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 110: Hoare triple {34650#false} assume !false; {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 111: Hoare triple {34650#false} assume test_~splverifierCounter~0#1 < 4; {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 112: Hoare triple {34650#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 113: Hoare triple {34650#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 114: Hoare triple {34650#false} assume !(0 != test_~tmp___9~0#1); {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 115: Hoare triple {34650#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 116: Hoare triple {34650#false} assume 0 != test_~tmp___8~0#1; {34650#false} is VALID [2022-02-20 18:06:21,925 INFO L290 TraceCheckUtils]: 117: Hoare triple {34650#false} assume !(0 != ~__SELECTED_FEATURE_AutoResponder~0); {34650#false} is VALID [2022-02-20 18:06:21,926 INFO L290 TraceCheckUtils]: 118: Hoare triple {34650#false} test_~op2~0#1 := 1; {34650#false} is VALID [2022-02-20 18:06:21,926 INFO L290 TraceCheckUtils]: 119: Hoare triple {34650#false} assume !false; {34650#false} is VALID [2022-02-20 18:06:21,926 INFO L290 TraceCheckUtils]: 120: Hoare triple {34650#false} assume !(test_~splverifierCounter~0#1 < 4); {34650#false} is VALID [2022-02-20 18:06:21,926 INFO L290 TraceCheckUtils]: 121: Hoare triple {34650#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret46#1, bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_~tmp~13#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~13#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret46#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret46#1 && bobToRjh_#t~ret46#1 <= 2147483647;havoc bobToRjh_#t~ret46#1; {34650#false} is VALID [2022-02-20 18:06:21,926 INFO L272 TraceCheckUtils]: 122: Hoare triple {34650#false} call sendEmail(~bob~0, ~rjh~0); {34650#false} is VALID [2022-02-20 18:06:21,926 INFO L290 TraceCheckUtils]: 123: Hoare triple {34650#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {34650#false} is VALID [2022-02-20 18:06:21,926 INFO L272 TraceCheckUtils]: 124: Hoare triple {34650#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {34650#false} is VALID [2022-02-20 18:06:21,926 INFO L290 TraceCheckUtils]: 125: Hoare triple {34650#false} ~handle := #in~handle;~value := #in~value; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L290 TraceCheckUtils]: 126: Hoare triple {34650#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L290 TraceCheckUtils]: 127: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {34650#false} {34650#false} #1647#return; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L272 TraceCheckUtils]: 129: Hoare triple {34650#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L290 TraceCheckUtils]: 130: Hoare triple {34650#false} ~handle := #in~handle;~value := #in~value; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L290 TraceCheckUtils]: 131: Hoare triple {34650#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L290 TraceCheckUtils]: 132: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {34650#false} {34650#false} #1649#return; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L290 TraceCheckUtils]: 134: Hoare triple {34650#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {34650#false} is VALID [2022-02-20 18:06:21,927 INFO L290 TraceCheckUtils]: 135: Hoare triple {34650#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~9#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~9#1; {34650#false} is VALID [2022-02-20 18:06:21,928 INFO L272 TraceCheckUtils]: 136: Hoare triple {34650#false} call outgoing(~sender#1, ~email~0#1); {34650#false} is VALID [2022-02-20 18:06:21,928 INFO L290 TraceCheckUtils]: 137: Hoare triple {34650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34650#false} is VALID [2022-02-20 18:06:21,928 INFO L290 TraceCheckUtils]: 138: Hoare triple {34650#false} assume !(0 != ~__SELECTED_FEATURE_Sign~0); {34650#false} is VALID [2022-02-20 18:06:21,928 INFO L272 TraceCheckUtils]: 139: Hoare triple {34650#false} call outgoing__before__Sign(~client#1, ~msg#1); {34650#false} is VALID [2022-02-20 18:06:21,928 INFO L290 TraceCheckUtils]: 140: Hoare triple {34650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34650#false} is VALID [2022-02-20 18:06:21,928 INFO L290 TraceCheckUtils]: 141: Hoare triple {34650#false} assume !(0 != ~__SELECTED_FEATURE_AddressBook~0); {34650#false} is VALID [2022-02-20 18:06:21,928 INFO L272 TraceCheckUtils]: 142: Hoare triple {34650#false} call outgoing__before__AddressBook(~client#1, ~msg#1); {34650#false} is VALID [2022-02-20 18:06:21,928 INFO L290 TraceCheckUtils]: 143: Hoare triple {34650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1; {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L290 TraceCheckUtils]: 144: Hoare triple {34650#false} assume 0 != ~__SELECTED_FEATURE_Encrypt~0;assume { :begin_inline_outgoing__role__Encrypt } true;outgoing__role__Encrypt_#in~client#1, outgoing__role__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__role__Encrypt_#t~ret18#1, outgoing__role__Encrypt_#t~ret19#1, outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1, outgoing__role__Encrypt_~receiver~0#1, outgoing__role__Encrypt_~tmp~3#1, outgoing__role__Encrypt_~pubkey~0#1, outgoing__role__Encrypt_~tmp___0~1#1;outgoing__role__Encrypt_~client#1 := outgoing__role__Encrypt_#in~client#1;outgoing__role__Encrypt_~msg#1 := outgoing__role__Encrypt_#in~msg#1;havoc outgoing__role__Encrypt_~receiver~0#1;havoc outgoing__role__Encrypt_~tmp~3#1;havoc outgoing__role__Encrypt_~pubkey~0#1;havoc outgoing__role__Encrypt_~tmp___0~1#1; {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L272 TraceCheckUtils]: 145: Hoare triple {34650#false} call outgoing__role__Encrypt_#t~ret18#1 := getEmailTo(outgoing__role__Encrypt_~msg#1); {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L290 TraceCheckUtils]: 146: Hoare triple {34650#false} ~handle := #in~handle;havoc ~retValue_acc~3; {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L290 TraceCheckUtils]: 147: Hoare triple {34650#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_email_to0~0;#res := ~retValue_acc~3; {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L290 TraceCheckUtils]: 148: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {34650#false} {34650#false} #1613#return; {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L290 TraceCheckUtils]: 150: Hoare triple {34650#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret18#1 && outgoing__role__Encrypt_#t~ret18#1 <= 2147483647;outgoing__role__Encrypt_~tmp~3#1 := outgoing__role__Encrypt_#t~ret18#1;havoc outgoing__role__Encrypt_#t~ret18#1;outgoing__role__Encrypt_~receiver~0#1 := outgoing__role__Encrypt_~tmp~3#1; {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L272 TraceCheckUtils]: 151: Hoare triple {34650#false} call outgoing__role__Encrypt_#t~ret19#1 := findPublicKey(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~receiver~0#1); {34650#false} is VALID [2022-02-20 18:06:21,929 INFO L290 TraceCheckUtils]: 152: Hoare triple {34650#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~42; {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L290 TraceCheckUtils]: 153: Hoare triple {34650#false} assume 1 == ~handle; {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L290 TraceCheckUtils]: 154: Hoare triple {34650#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~42 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~42; {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L290 TraceCheckUtils]: 155: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {34650#false} {34650#false} #1615#return; {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L290 TraceCheckUtils]: 157: Hoare triple {34650#false} assume -2147483648 <= outgoing__role__Encrypt_#t~ret19#1 && outgoing__role__Encrypt_#t~ret19#1 <= 2147483647;outgoing__role__Encrypt_~tmp___0~1#1 := outgoing__role__Encrypt_#t~ret19#1;havoc outgoing__role__Encrypt_#t~ret19#1;outgoing__role__Encrypt_~pubkey~0#1 := outgoing__role__Encrypt_~tmp___0~1#1; {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L290 TraceCheckUtils]: 158: Hoare triple {34650#false} assume !(0 != outgoing__role__Encrypt_~pubkey~0#1); {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L272 TraceCheckUtils]: 159: Hoare triple {34650#false} call outgoing__before__Encrypt(outgoing__role__Encrypt_~client#1, outgoing__role__Encrypt_~msg#1); {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L290 TraceCheckUtils]: 160: Hoare triple {34650#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~44#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~44#1; {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L290 TraceCheckUtils]: 161: Hoare triple {34650#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~44#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~44#1; {34650#false} is VALID [2022-02-20 18:06:21,930 INFO L290 TraceCheckUtils]: 162: Hoare triple {34650#false} #t~ret17#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret17#1 && #t~ret17#1 <= 2147483647;~tmp~2#1 := #t~ret17#1;havoc #t~ret17#1; {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L272 TraceCheckUtils]: 163: Hoare triple {34650#false} call setEmailFrom(~msg#1, ~tmp~2#1); {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L290 TraceCheckUtils]: 164: Hoare triple {34650#false} ~handle := #in~handle;~value := #in~value; {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L290 TraceCheckUtils]: 165: Hoare triple {34650#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L290 TraceCheckUtils]: 166: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L284 TraceCheckUtils]: 167: Hoare quadruple {34650#false} {34650#false} #1659#return; {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L290 TraceCheckUtils]: 168: Hoare triple {34650#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret15#1, mail_#t~ret16#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptForward_spec__2 } true;__utac_acc__EncryptForward_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1, __utac_acc__EncryptForward_spec__2_#t~nondet93#1, __utac_acc__EncryptForward_spec__2_#t~ret94#1, __utac_acc__EncryptForward_spec__2_~msg#1, __utac_acc__EncryptForward_spec__2_~tmp~19#1, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;__utac_acc__EncryptForward_spec__2_~msg#1 := __utac_acc__EncryptForward_spec__2_#in~msg#1;havoc __utac_acc__EncryptForward_spec__2_~tmp~19#1;havoc __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset;call __utac_acc__EncryptForward_spec__2_#t~ret92#1 := puts(33, 0);assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret92#1 && __utac_acc__EncryptForward_spec__2_#t~ret92#1 <= 2147483647;havoc __utac_acc__EncryptForward_spec__2_#t~ret92#1;__utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.base, __utac_acc__EncryptForward_spec__2_~__cil_tmp3~4#1.offset := 34, 0;havoc __utac_acc__EncryptForward_spec__2_#t~nondet93#1; {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L290 TraceCheckUtils]: 169: Hoare triple {34650#false} assume 0 != ~in_encrypted~0; {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L272 TraceCheckUtils]: 170: Hoare triple {34650#false} call __utac_acc__EncryptForward_spec__2_#t~ret94#1 := isEncrypted(__utac_acc__EncryptForward_spec__2_~msg#1); {34650#false} is VALID [2022-02-20 18:06:21,931 INFO L290 TraceCheckUtils]: 171: Hoare triple {34650#false} ~handle := #in~handle;havoc ~retValue_acc~6; {34650#false} is VALID [2022-02-20 18:06:21,932 INFO L290 TraceCheckUtils]: 172: Hoare triple {34650#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~6; {34650#false} is VALID [2022-02-20 18:06:21,932 INFO L290 TraceCheckUtils]: 173: Hoare triple {34650#false} assume true; {34650#false} is VALID [2022-02-20 18:06:21,932 INFO L284 TraceCheckUtils]: 174: Hoare quadruple {34650#false} {34650#false} #1661#return; {34650#false} is VALID [2022-02-20 18:06:21,932 INFO L290 TraceCheckUtils]: 175: Hoare triple {34650#false} assume -2147483648 <= __utac_acc__EncryptForward_spec__2_#t~ret94#1 && __utac_acc__EncryptForward_spec__2_#t~ret94#1 <= 2147483647;__utac_acc__EncryptForward_spec__2_~tmp~19#1 := __utac_acc__EncryptForward_spec__2_#t~ret94#1;havoc __utac_acc__EncryptForward_spec__2_#t~ret94#1; {34650#false} is VALID [2022-02-20 18:06:21,932 INFO L290 TraceCheckUtils]: 176: Hoare triple {34650#false} assume !(0 != __utac_acc__EncryptForward_spec__2_~tmp~19#1);assume { :begin_inline___automaton_fail } true; {34650#false} is VALID [2022-02-20 18:06:21,932 INFO L290 TraceCheckUtils]: 177: Hoare triple {34650#false} assume !false; {34650#false} is VALID [2022-02-20 18:06:21,932 INFO L134 CoverageAnalysis]: Checked inductivity of 114 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 95 trivial. 0 not checked. [2022-02-20 18:06:21,933 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:21,933 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [600605838] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:21,933 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:06:21,933 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [13] total 17 [2022-02-20 18:06:21,933 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1470816216] [2022-02-20 18:06:21,933 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:21,934 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) Word has length 178 [2022-02-20 18:06:21,934 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:21,934 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:06:22,047 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 158 edges. 158 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:22,048 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:22,048 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:22,048 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:22,049 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=238, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:06:22,049 INFO L87 Difference]: Start difference. First operand 686 states and 1001 transitions. Second operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:06:23,944 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:23,944 INFO L93 Difference]: Finished difference Result 1316 states and 1937 transitions. [2022-02-20 18:06:23,944 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:06:23,944 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) Word has length 178 [2022-02-20 18:06:23,945 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:23,945 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:06:23,956 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1633 transitions. [2022-02-20 18:06:23,957 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:06:23,968 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 1633 transitions. [2022-02-20 18:06:23,969 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 1633 transitions. [2022-02-20 18:06:25,075 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1633 edges. 1633 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:25,100 INFO L225 Difference]: With dead ends: 1316 [2022-02-20 18:06:25,100 INFO L226 Difference]: Without dead ends: 688 [2022-02-20 18:06:25,101 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 231 GetRequests, 214 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=43, Invalid=299, Unknown=0, NotChecked=0, Total=342 [2022-02-20 18:06:25,102 INFO L933 BasicCegarLoop]: 836 mSDtfsCounter, 361 mSDsluCounter, 2940 mSDsCounter, 0 mSdLazyCounter, 56 mSolverCounterSat, 47 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 361 SdHoareTripleChecker+Valid, 3776 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 47 IncrementalHoareTripleChecker+Valid, 56 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:25,102 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [361 Valid, 3776 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [47 Valid, 56 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:25,103 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 688 states. [2022-02-20 18:06:25,209 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 688 to 688. [2022-02-20 18:06:25,209 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:25,210 INFO L82 GeneralOperation]: Start isEquivalent. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:06:25,211 INFO L74 IsIncluded]: Start isIncluded. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:06:25,212 INFO L87 Difference]: Start difference. First operand 688 states. Second operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:06:25,231 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:25,231 INFO L93 Difference]: Finished difference Result 688 states and 1007 transitions. [2022-02-20 18:06:25,232 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:06:25,233 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:25,233 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:25,235 INFO L74 IsIncluded]: Start isIncluded. First operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) Second operand 688 states. [2022-02-20 18:06:25,235 INFO L87 Difference]: Start difference. First operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) Second operand 688 states. [2022-02-20 18:06:25,255 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:25,255 INFO L93 Difference]: Finished difference Result 688 states and 1007 transitions. [2022-02-20 18:06:25,255 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:06:25,257 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:25,257 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:25,257 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:25,257 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:25,258 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 688 states, 524 states have (on average 1.463740458015267) internal successors, (767), 537 states have internal predecessors, (767), 117 states have call successors, (117), 44 states have call predecessors, (117), 46 states have return successors, (123), 115 states have call predecessors, (123), 116 states have call successors, (123) [2022-02-20 18:06:25,284 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 688 states to 688 states and 1007 transitions. [2022-02-20 18:06:25,284 INFO L78 Accepts]: Start accepts. Automaton has 688 states and 1007 transitions. Word has length 178 [2022-02-20 18:06:25,285 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:25,285 INFO L470 AbstractCegarLoop]: Abstraction has 688 states and 1007 transitions. [2022-02-20 18:06:25,285 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 21.4) internal successors, (107), 6 states have internal predecessors, (107), 3 states have call successors, (28), 2 states have call predecessors, (28), 3 states have return successors, (23), 3 states have call predecessors, (23), 3 states have call successors, (23) [2022-02-20 18:06:25,285 INFO L276 IsEmpty]: Start isEmpty. Operand 688 states and 1007 transitions. [2022-02-20 18:06:25,287 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 180 [2022-02-20 18:06:25,287 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:25,287 INFO L514 BasicCegarLoop]: trace histogram [8, 8, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:25,311 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:25,508 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:06:25,509 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__before__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:25,509 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:25,509 INFO L85 PathProgramCache]: Analyzing trace with hash 970196414, now seen corresponding path program 1 times [2022-02-20 18:06:25,509 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:25,509 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [102402706] [2022-02-20 18:06:25,509 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:25,510 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:25,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat